CVE-2019-25378

CVSS v3.1

6.1

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description The software contains multiple cross-site scripting issues within the proxy functionality. Attackers can inject malicious scripts through parameters in the ''proxy.cgi'' endpoint. Specifically, the

CACHE SIZE

MAX SIZE

MIN SIZE

MAX OUTGOING SIZE

, and

MAX INCOMING SIZE

parameters are susceptible to exploitation. Attackers can submit POST requests containing script payloads, which are then stored or reflected as JavaScript code, executing in users' browsers when the proxy configuration page is accessed.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-25378

Affected Products

Smoothwall Express

CVE-2019-25378

Weakness Enumeration

Related Identifiers

Affected Products

References · 6