PT-2026-8371 · Smoothwall · Smoothwall Express
Ozer Goker
·
Publicado
2026-02-16
·
Atualizado
2026-02-20
·
CVE-2019-25388
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Smoothwall Express version 3.1-SP4-polar-x86 64-update9
Description
Smoothwall Express version 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting issue that allows unauthenticated attackers to inject malicious scripts. This is achieved by submitting crafted input to the ''ipblock.cgi'' endpoint. Specifically, attackers can inject script tags through the
SRC IP and COMMENT parameters in POST requests, leading to the execution of arbitrary JavaScript in users' browsers.Recommendations
Apply input validation and output encoding to the
SRC IP and COMMENT parameters in the ''ipblock.cgi'' endpoint.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Smoothwall Express