CVE-2019-25381

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description The software contains multiple reflected cross-site scripting issues within the hosts.cgi script. Attackers can inject malicious scripts through unvalidated parameters. Specifically, attackers can send POST requests to the ''/hosts.cgi'' endpoint with script payloads in the IP, HOSTNAME, or COMMENT parameters, leading to the execution of arbitrary JavaScript in users' browsers.

Recommendations Apply input validation and sanitization to the IP, HOSTNAME, and COMMENT parameters in the hosts.cgi script.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-25381

Affected Products

Smoothwall Express

CVE-2019-25381

Weakness Enumeration

Related Identifiers

Affected Products

References · 8