CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVE-2019-25388 Smoothwall Express 3.1 'ipblock.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

CVE-2019-25386

CVE-2019-25386 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in the dmzholes.cgi script. The issue allows attackers to inject arbitrary JavaScript into users’ browsers by submitting POST requests containing payloads in the SRC_IP, DEST_IP, or...

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...