CVE-2019-25378

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description The software contains multiple cross-site scripting issues within the proxy functionality. Attackers can inject malicious scripts through parameters in the ''proxy.cgi'' endpoint. Specifically, the CACHE SIZE, MAX SIZE, MIN SIZE, MAX OUTGOING SIZE, and MAX INCOMING SIZE parameters are susceptible to exploitation. Attackers can submit POST requests containing script payloads, which are then stored or reflected as JavaScript code, executing in users' browsers when the proxy configuration page is accessed.

Recommendations Update to a newer version that contains a fix for this vulnerability.