CVE-2019-25386

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description The software contains multiple reflected cross-site scripting issues within the dmzholes.cgi script. Attackers can inject malicious scripts through unvalidated parameters. Specifically, attackers can submit POST requests with script payloads in the SRC IP, DEST IP, or COMMENT parameters, leading to the execution of arbitrary JavaScript in users' browsers.

Recommendations Apply updates to address the issue in the dmzholes.cgi script. As a temporary workaround, restrict or carefully validate input to the SRC IP, DEST IP, and COMMENT parameters in POST requests to the dmzholes.cgi script.