21 matches found
CVE-2011-1084
CVE-2011-1084 is a cross-site scripting (XSS) vulnerability in Smoothwall Express 3. The CVSS v3.1 base metrics indicate a Network attack vector, Low attack complexity, No privileges required, but User interaction is Required and the scope is Changed, with Low impact on confidentiality and integr...
CVE-2011-1085
The CVE-2011-1085 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in Smoothwall Express 3. The connected records confirm affected software (Smoothwall Express 3) and classify the issue as CSRF, with CVSS details indicating high severity in the newer scope (CVSS 3.1: HIGH, 8.8) a...
CVE-2019-25390
CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...
CVE-2019-25385
The CVE affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, where the outgoing.cgi endpoint is vulnerable to a reflected cross-site scripting (XSS) via the MACHINE and MACHINECOMMENT parameters. An attacker can craft POST requests to execute arbitrary JavaScript in victims’ browsers and pote...
CVE-2019-25395
CVE-2019-25395 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a stored cross-site scripting flaw in preferences.cgi, exploitable via POST requests that inject payloads through HOSTNAME, KEYMAP, and OPENNESS parameters. The attacker can store malicious script on the ...
CVE-2019-25379
CVE-2019-25379 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored and reflected XSS in the urlfilter.cgi endpoint. Attackers can submit POST payloads in REDIRECT_PAGE or CHILDREN to inject JavaScript in user browsers. The provided metrics show CVSS v3.1 base score 7.2 (HIGH) and...
CVE-2019-25380
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script. The vulnerability enables attackers to inject JavaScript via posted parameters (e.g., BOOT_SERVER, BOOT_FILE, BOOT_ROOT, START_ADDR, END_ADDR, DNS1, DNS2, NTP1,...
CVE-2019-25393
CVE-2019-25393 — Smoothwall Express 3.1 has a reflected cross-site scripting vulnerability in the smoothinfo.cgi endpoint. The issue arises from insufficient input validation, allowing unauthenticated attackers to submit POST payloads in WRAP or SECTIONTITLE to inject arbitrary JavaScript in vict...
CVE-2019-25382
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability in the time.cgi endpoint, exploitable via POST requests to the NTP_SERVER parameter to execute arbitrary JavaScript in users’ browsers. CVSSv3.1 base score 6.1, scope changed, impact on confide...
CVE-2019-25381
CVE-2019-25381 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, where the script hosts.cgi is vulnerable to multiple reflected cross-site scripting flaws. The vulnerability arises from unvalidated parameters in hosts.cgi, allowing an attacker to inject script payloads via POST requests us...
CVE-2019-25387
Smoothwall Express 3.1-SP4-polar-x86_64-update9 is affected by a reflected cross-site scripting vulnerability in xtaccess.cgi. An unauthenticated attacker can inject JavaScript by sending crafted input to the xtaccess.cgi endpoint via POST, exploiting the EXT, DEST_PORT, or COMMENT parameters to ...
CVE-2019-25386
CVE-2019-25386 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in the dmzholes.cgi script. The issue allows attackers to inject arbitrary JavaScript into users’ browsers by submitting POST requests containing payloads in the SRC_IP, DEST_IP, or...
CVE-2026-27508
CVE-2026-27508 affects Smoothwall Express versions prior to 3.1 Update 13. The issue is a reflected XSS in the /redirect.cgi endpoint caused by improper sanitation of the url parameter. Attackers can craft URLs containing javascript: schemes that execute arbitrary JavaScript in a victim’s browser...
CVE-2019-25392
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability in the iptools.cgi endpoint. Attackers can exploit by sending POST requests with malicious payloads in the IP parameter, enabling unauthorized execution of JavaScript in victims’ browsers. The ...
CVE-2019-25378
CVE-2019-25378 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, via the proxy.cgi endpoint. The vulnerability allows cross-site scripting by injecting payloads through parameters such as CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST re...
CVE-2019-25388
The vulnerability CVE-2019-25388 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, specifically the ipblock.cgi endpoint. It is a reflected cross-site scripting flaw where a crafted POST request can inject script tags through SRC_IP and COMMENT parameters, allowing arbitrary JavaScript exe...
CVE-2019-25384
CVE-2019-25384 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in portfw.cgi. The XSS is triggered by unvalidated parameters (EXT, SRC_PORT_SEL, SRC_PORT, DEST_IP, DEST_PORT_SEL, COMMENT) via POST requests, allowing execution of arbitrary JavaS...
CVE-2019-25389
CVE-2019-25389 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. It is a reflected cross-site scripting vulnerability in the timedaccess.cgi endpoint where an attacker can inject scripts via the MACHINES parameter to execute arbitrary JavaScript in users’ browsers. The issue is exploitable...
CVE-2019-25394
CVE-2019-25394 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored cross-site scripting in the modem.cgi script. Malicious payloads injected via POST parameters (INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, PULSE_DIAL) can lead to arbitrary JavaScript execution in users’ bro...
CVE-2019-25383
CVE-2019-25383 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of reflected cross-site scripting flaws in apcupsd.cgi, allowing an attacker to inject arbitrary JavaScript in victim browsers by crafting POST requests with payloads in parameters such as BATTLEVEL...
CVE-2026-26352
Affected product/versions: Smoothwall Express