CVE-2019-25385

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9 Smoothwall Express version 3.1

Description The software contains a reflected cross-site scripting issue that enables attackers to inject malicious scripts. This is achieved by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the ''outgoing.cgi'' endpoint with script payloads to execute arbitrary JavaScript in users' browsers and potentially steal session data.

Recommendations Apply updates to address the issue in Smoothwall Express version 3.1-SP4-polar-x86 64-update9. Apply updates to address the issue in Smoothwall Express version 3.1.