PT-2026-8371 · Smoothwall · Smoothwall Express

Ozer Goker · Published 2026-02-16 · Updated 2026-02-20 · CVE-2019-25388

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description

Smoothwall Express version 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting issue that allows unauthenticated attackers to inject malicious scripts. This is achieved by submitting crafted input to the "ipblock.cgi" endpoint. Specifically, attackers can inject script tags through the SRC IP and COMMENT parameters in POST requests, leading to the execution of arbitrary JavaScript in users' browsers.

Recommendations

Apply input validation and output encoding to the SRC IP and COMMENT parameters in the "ipblock.cgi" endpoint.
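The recommendation above, sketched as an added example (not Smoothwall's code): the source address is validated against a strict IPv4 grammar, and both values are HTML-encoded when written into the page. The form keys `SRC_IP` and `COMMENT`, the IPv4-only policy, the 255-character limit and the function names are assumptions.

```python
import html
import ipaddress

MAX_COMMENT_LEN = 255  # assumed limit, not taken from the advisory


def validate_src_ip(raw):
    """Return a canonical IPv4 address or network string, or None if invalid."""
    value = raw.strip()
    try:
        # IPv4 only: Python's IPv6 parser accepts a free-form "%scope" suffix,
        # which would let markup through an otherwise valid address.
        if "/" in value:
            return str(ipaddress.IPv4Network(value, strict=False))
        return str(ipaddress.IPv4Address(value))
    except ValueError:
        return None


def render_row(src_ip, comment):
    """Build one table row; every dynamic value is HTML-encoded on output."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(src_ip, quote=True), html.escape(comment, quote=True))


def handle_post(form):
    """Process submitted form fields; returns (ok, html_fragment)."""
    src_ip = validate_src_ip(form.get("SRC_IP", ""))
    comment = form.get("COMMENT", "")
    if src_ip is None:
        # Fixed error text: the rejected value is never echoed back.
        return False, "<p class='error'>Invalid source IP address.</p>"
    if len(comment) > MAX_COMMENT_LEN or not comment.isprintable():
        return False, "<p class='error'>Invalid comment.</p>"
    # A comment is free text, so validation alone cannot make it safe;
    # encoding at output is what stops it being parsed as markup.
    return True, render_row(src_ip, comment)


if __name__ == "__main__":
    # Constructed sample submissions, not captured traffic.
    samples = [
        {"SRC_IP": "192.168.1.10", "COMMENT": "lab scanner"},
        {"SRC_IP": "<script>alert(1)</script>", "COMMENT": "x"},
        {"SRC_IP": "10.0.0.5/8", "COMMENT": "<script>alert(1)</script>"},
    ]
    for form in samples:
        print(handle_post(form))
```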

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25388

Affected Products

Smoothwall Express