PT-2026-8373 · Smoothwall · Smoothwall Express

Ozer Goker · Published 2026-02-16 · Updated 2026-02-16 · CVE-2019-25390

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Smoothwall Express version 3.1-SP4-polar-x86_64-update9

Description

The software contains multiple reflected cross-site scripting issues in the 'interfaces.cgi' script. Attackers can inject malicious scripts through several parameters, including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, DNS2_OVERRIDE, RED_MAC, RED_NETMASK, DEFAULT_GATEWAY, DNS1, and DNS2. A POST request to the '/interfaces.cgi' endpoint with a script payload in any of these parameters leads to the execution of arbitrary JavaScript within authenticated administrator sessions.

Recommendations

For Smoothwall Express version 3.1-SP4-polar-x86_64-update9, sanitize all input to the 'interfaces.cgi' script, specifically the GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, DNS2_OVERRIDE, RED_MAC, RED_NETMASK, DEFAULT_GATEWAY, DNS1, and DNS2 parameters, to prevent the injection of malicious scripts.
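One way to apply the recommendation above, as an added example that is not Smoothwall's own code: each listed parameter is accepted only if it parses as its expected type, and any value echoed back into the page is HTML-escaped. The field-to-type mapping, the underscore spelling of the parameter names, the function names and the sample form are assumptions made for illustration.

```python
import html
import ipaddress
import re

# Field names written with underscores (assumed form of the advisory's names).
IP_FIELDS = {"GREEN_ADDRESS", "RED_ADDRESS", "DEFAULT_GATEWAY",
             "DNS1", "DNS2", "DNS1_OVERRIDE", "DNS2_OVERRIDE"}
MASK_FIELDS = {"GREEN_NETMASK", "RED_NETMASK"}
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(LABEL + r"(?:\." + LABEL + r")*")

def is_valid(name, value):
    """Allow-list check: accept a value only if it parses as the field's type."""
    if name in IP_FIELDS or name in MASK_FIELDS:
        try:
            addr = int(ipaddress.IPv4Address(value))
        except ValueError:
            return False
        if name in MASK_FIELDS:
            inv = ~addr & 0xFFFFFFFF           # a netmask is contiguous 1-bits,
            return (inv & (inv + 1)) == 0      # so its inverse is 2**k - 1
        return True
    if name == "RED_MAC":
        return MAC_RE.fullmatch(value) is not None
    if name == "RED_DHCP_HOSTNAME":
        return len(value) <= 253 and HOST_RE.fullmatch(value) is not None
    return False  # unknown field: reject rather than pass through

def render_field(name, value):
    """Echo a value into the form; HTML-escape it whether or not it validated."""
    return '<input type="text" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(value, quote=True))

def process(form):
    """Split a submitted form into accepted values and rejected field names."""
    accepted, rejected = {}, []
    for name, value in form.items():
        if is_valid(name, value):
            accepted[name] = value
        else:
            rejected.append(name)
    return accepted, rejected

# Constructed sample submission; RED_ADDRESS carries harmless markup.
SAMPLE_FORM = {"GREEN_ADDRESS": "192.168.0.1", "GREEN_NETMASK": "255.255.255.0",
               "RED_MAC": "00:11:22:33:44:55", "RED_ADDRESS": '"><i>t</i>'}

if __name__ == "__main__":
    ok, bad = process(SAMPLE_FORM)
    print("accepted:", sorted(ok), "rejected:", bad)
    print(render_field("RED_ADDRESS", SAMPLE_FORM["RED_ADDRESS"]))
```

Validation and output escaping are applied independently, so a value that slips past one check is still neutralized by the other.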

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25390

Affected Products

Smoothwall Express