CVE-2019-25395

Name of the Vulnerable Software and Affected Versions Smoothwall Express version 3.1-SP4-polar-x86 64-update9

Description The software contains multiple stored cross-site scripting issues within the preferences.cgi script. Attackers can inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Exploitation involves submitting POST requests with script payloads to preferences.cgi, which stores malicious code that executes in the browsers of users accessing the preferences page.

Recommendations Update to a newer version that contains a fix for this vulnerability.