CVE-2019-25394

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description The software contains multiple stored cross-site scripting issues within the modem.cgi script. Attackers can inject malicious scripts through POST parameters. Specifically, crafted payloads can be submitted in parameters such as INIT, HANGUP, SPEAKER ON, SPEAKER OFF, TONE DIAL, and PULSE DIAL. When the stored data is retrieved, this allows for the execution of arbitrary JavaScript in users' browsers.

Recommendations Update to a newer version that contains a fix for this vulnerability.