PT-2026-8363 · Unknown · Smoothwall Express
Ozer Goker · Published 2026-02-16 · Updated 2026-02-20
CVE-2019-25380
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Smoothwall Express version 3.1-SP4-polar-x86 64-update9
Description
The software contains multiple reflected cross-site scripting (XSS) issues in the dhcp.cgi script. Attackers can inject malicious scripts by submitting POST requests to the /dhcp.cgi endpoint. Exploitation occurs through various parameters, including BOOT SERVER, BOOT FILE, BOOT ROOT, START ADDR, END ADDR, DNS1, DNS2, NTP1, NTP2, WINS1, WINS2, DEFAULT LEASE TIME, MAX LEASE TIME, DOMAIN NAME, NIS DOMAIN, NIS1, NIS2, STATIC HOST, STATIC DESC, STATIC MAC, and STATIC IP. Successful exploitation allows execution of arbitrary JavaScript in the user's browser.
Recommendations
Smoothwall Express version 3.1-SP4-polar-x86 64-update9: Sanitize or validate all input received through the parameters BOOT SERVER, BOOT FILE, BOOT ROOT, START ADDR, END ADDR, DNS1, DNS2, NTP1, NTP2, WINS1, WINS2, DEFAULT LEASE TIME, MAX LEASE TIME, DOMAIN NAME, NIS DOMAIN, NIS1, NIS2, STATIC HOST, STATIC DESC, STATIC MAC, and STATIC IP before processing them in the dhcp.cgi script.
Exploit
Fix
XSS
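The recommendation above amounts to two controls: accept each dhcp.cgi parameter only if it matches the shape a DHCP setting can legitimately have (an IPv4 address, a MAC address, a hostname, a lease time in seconds), and HTML-escape every value before it is echoed back into the page. The following is an added example written for this advisory; it is not Smoothwall's code (dhcp.cgi itself is a Perl CGI script) and the field names, groupings and limits are assumptions modelled on the parameter list above.

```python
import html
import ipaddress
import re

# Parameter groups keyed by the names the advisory lists. The real form field
# names in dhcp.cgi may be spelled differently; this grouping is an assumption.
IPV4_FIELDS = {"BOOT SERVER", "START ADDR", "END ADDR", "DNS1", "DNS2", "NTP1",
               "NTP2", "WINS1", "WINS2", "NIS1", "NIS2", "STATIC IP"}
LEASE_FIELDS = {"DEFAULT LEASE TIME", "MAX LEASE TIME"}
NAME_FIELDS = {"DOMAIN NAME", "NIS DOMAIN", "STATIC HOST"}
PATH_FIELDS = {"BOOT FILE", "BOOT ROOT"}
MAC_FIELDS = {"STATIC MAC"}
TEXT_FIELDS = {"STATIC DESC"}

# Allowlist patterns: anything outside the expected character set is rejected,
# so markup characters never reach the page in the first place.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z0-9._/-]{1,255}$")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")
TEXT_RE = re.compile(r"^[A-Za-z0-9 ._-]{0,64}$")

MIN_LEASE, MAX_LEASE = 60, 30 * 24 * 3600  # assumed sane bounds, in seconds


def validate_field(name, value):
    """Return the normalised value, or raise ValueError if it is unacceptable."""
    value = value.strip()
    if name in IPV4_FIELDS:
        # ipaddress raises ValueError (AddressValueError) on anything malformed
        return str(ipaddress.IPv4Address(value))
    if name in LEASE_FIELDS:
        secs = int(value)  # ValueError on non-numeric input
        if not MIN_LEASE <= secs <= MAX_LEASE:
            raise ValueError(f"{name}: lease time {secs} out of range")
        return str(secs)
    if name in NAME_FIELDS:
        if not HOSTNAME_RE.match(value):
            raise ValueError(f"{name}: not a valid hostname")
        return value.lower()
    if name in PATH_FIELDS:
        if not PATH_RE.match(value):
            raise ValueError(f"{name}: path contains disallowed characters")
        return value
    if name in MAC_FIELDS:
        if not MAC_RE.match(value):
            raise ValueError(f"{name}: not a valid MAC address")
        return value.lower()
    if name in TEXT_FIELDS:
        if not TEXT_RE.match(value):
            raise ValueError(f"{name}: description contains disallowed characters")
        return value
    raise ValueError(f"unexpected parameter {name!r}")


def validate_request(form):
    """Validate every submitted field; return (accepted values, per-field errors)."""
    clean, errors = {}, {}
    for name, value in form.items():
        try:
            clean[name] = validate_field(name, value)
        except ValueError as exc:
            errors[name] = str(exc)
    return clean, errors


def render_field(name, value):
    """Escape a value before echoing it into an HTML attribute.

    Output encoding is the second layer: even a value that slipped past the
    allowlist cannot break out of the attribute once it is escaped.
    """
    return (f'<input name="{html.escape(name, quote=True)}" '
            f'value="{html.escape(value, quote=True)}">')


# Constructed sample submission (not captured traffic): mostly well-formed
# values plus two that a validating dhcp.cgi should refuse.
SAMPLE_FORM = {
    "START ADDR": "192.168.1.100",
    "END ADDR": "192.168.1.200",
    "DEFAULT LEASE TIME": "3600",
    "DOMAIN NAME": "lan.example",
    "STATIC MAC": "00:11:22:33:44:55",
    "STATIC DESC": "printer <b>room</b>",  # angle brackets fail the allowlist
    "DNS1": "not-an-address",
}

if __name__ == "__main__":
    accepted, rejected = validate_request(SAMPLE_FORM)
    for field, val in accepted.items():
        print("accepted:", render_field(field, val))
    for field, why in rejected.items():
        print("rejected:", field, "->", why)
```

The validator refuses the two bad fields outright rather than trying to strip tags from them, and `render_field` escapes on the way out regardless; the combination is what closes a reflected XSS, since either layer alone tends to be bypassed over time.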
Weakness Enumeration
Related Identifiers
Affected Products
Smoothwall Express