PT-2026-29061 · Smoothwall · Smoothwall Express
Alex Williams
+1
·
Published
2026-03-30
·
Updated
2026-03-31
·
CVE-2026-26352
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Smoothwall Express versions prior to 3.1 Update 13
Description
Smoothwall Express is affected by a stored cross-site scripting issue in the
/cgi-bin/vpnmain.cgi script. The issue stems from insufficient input validation of the VPN IP parameter. An authenticated attacker can inject malicious JavaScript code through VPN configuration settings. This code will then execute in the browsers of other users when they access the affected page.Recommendations
Update Smoothwall Express to version 3.1 Update 13 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smoothwall Express