PT-2026-8362 · Smoothwall · Smoothwall Express

Ozer Goker · Published 2026-02-16 · Updated 2026-02-20 · CVE-2019-25379

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Smoothwall Express version 3.1-SP4-polar-x86_64-update9

Description

The software contains stored and reflected cross-site scripting issues in the urlfilter.cgi endpoint. Attackers can inject malicious scripts by submitting POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters. Successful exploitation allows attackers to execute arbitrary JavaScript in user browsers.

Recommendations

Apply updates to address the cross-site scripting issue in the urlfilter.cgi endpoint. Restrict or sanitize input to the REDIRECT_PAGE and CHILDREN parameters. As a temporary workaround, consider disabling the urlfilter.cgi endpoint until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25379

Affected Products

Smoothwall Express