CVE-2019-25393

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description The software contains a reflected cross-site scripting issue that enables unauthenticated attackers to inject malicious scripts due to inadequate input validation. Attackers can send POST requests to the /smoothinfo.cgi endpoint, utilizing the WRAP or SECTIONTITLE parameters to execute arbitrary JavaScript in the browsers of victims.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.