CVE-2011-5283

Name of the Vulnerable Software and Affected Versions Smoothwall Express versions 3.0 SP3 and earlier, Smoothwall Express version 3.1

Description A cross-site scripting (XSS) issue exists in the web management interface, specifically in the httpd/cgi-bin/ipinfo.cgi file. This allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a "Run" action.

Recommendations For Smoothwall Express versions 3.0 SP3 and earlier, and version 3.1, consider restricting access to the ipinfo.cgi file until a patch is available. As a temporary workaround, avoid using the IP parameter in the affected API endpoint until the issue is resolved.