PT-2026-29062 · Smoothwall · Smoothwall Express
Alex Williams
+1
·
Published
2026-03-30
·
Updated
2026-03-31
·
CVE-2026-27508
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Smoothwall Express versions prior to 3.1 Update 13
Description
Smoothwall Express is affected by a reflected cross-site scripting issue. The
/redirect.cgi endpoint does not properly sanitize the url parameter, allowing attackers to inject malicious JavaScript code. This can be achieved by crafting URLs with javascript: schemes, which execute arbitrary JavaScript in a victim's browser when clicked.Recommendations
Update Smoothwall Express to version 3.1 Update 13 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smoothwall Express