PT-2026-8371 · Smoothwall · Smoothwall Express

Ozer Goker

·

Publicado

2026-02-16

·

Atualizado

2026-02-20

·

CVE-2019-25388

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9
Description Smoothwall Express version 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting issue that allows unauthenticated attackers to inject malicious scripts. This is achieved by submitting crafted input to the ''ipblock.cgi'' endpoint. Specifically, attackers can inject script tags through the SRC IP and COMMENT parameters in POST requests, leading to the execution of arbitrary JavaScript in users' browsers.
Recommendations Apply input validation and output encoding to the SRC IP and COMMENT parameters in the ''ipblock.cgi'' endpoint.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2019-25388

Produtos afetados

Smoothwall Express