209 matches found
CVE-2019-25381
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payload...
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...
CVE-2019-25379
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...
CVE-2019-25379
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...
CVE-2019-25394 Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...
CVE-2019-25394
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...
CVE-2019-25394 Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...
CVE-2019-25395 Smoothwall Express 3.1 'preferences.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payload...
CVE-2019-25395 Smoothwall Express 3.1 'preferences.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payload...
CVE-2019-25395
CVE-2019-25395 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a stored cross-site scripting flaw in preferences.cgi, exploitable via POST requests that inject payloads through HOSTNAME, KEYMAP, and OPENNESS parameters. The attacker can store malicious script on the ...
CVE-2019-25394
CVE-2019-25394 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored cross-site scripting in the modem.cgi script. Malicious payloads injected via POST parameters (INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, PULSE_DIAL) can lead to arbitrary JavaScript execution in users’ bro...
CVE-2019-25393 Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...
CVE-2019-25393 Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...
CVE-2019-25393
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...
CVE-2019-25393
CVE-2019-25393 — Smoothwall Express 3.1 has a reflected cross-site scripting vulnerability in the smoothinfo.cgi endpoint. The issue arises from insufficient input validation, allowing unauthenticated attackers to submit POST payloads in WRAP or SECTIONTITLE to inject arbitrary JavaScript in vict...
CVE-2019-25392
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...
CVE-2019-25392 Smoothwall Express 3.1 'iptools.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...
CVE-2019-25392
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability in the iptools.cgi endpoint. Attackers can exploit by sending POST requests with malicious payloads in the IP parameter, enabling unauthorized execution of JavaScript in victims’ browsers. The ...
CVE-2019-25392 Smoothwall Express 3.1 'iptools.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...