CyberSec.Space Logo
Back to CVE Browser

CVE-2019-25395

HIGH
7.2
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile38.05th
PublishedFeb 16, 2026
Last ModifiedFeb 20, 2026

Vulnerability Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloads to preferences.cgi to store malicious code that executes in the browsers of users accessing the preferences page.

Affected Platforms (CPE)

๐Ÿ’ป
Smoothwall

Smoothwall Express

= 3.1

References & Advisories

๐Ÿ”— http://www.smoothwall.org
๐Ÿ”— https://www.exploit-db.com/exploits/46333
๐Ÿ”— https://www.vulncheck.com/advisories/smoothwall-express-preferencescgi-cross-site-scrip

Related Vulnerabilities

CVE-2011-10858.8

CSRF vulnerability in Smoothwall Express 3.

CVE-2019-253947.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi scr...

CVE-2019-253797.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilte...

CVE-2011-52846.8

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Expres...