CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-25379

HIGH
7.2
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile10.96th
Published2026年2月16日
Last Modified2026年2月20日

Vulnerability Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in user browsers.

Affected Platforms (CPE)

💻
Smoothwall

Smoothwall Express

= 3.1

References & Advisories

🔗 http://www.smoothwall.org
🔗 https://www.exploit-db.com/exploits/46333
🔗 https://www.vulncheck.com/advisories/smoothwall-express-urlfiltercgi-cross-site-scripti

関連する脆弱性情報

CVE-2011-10858.8

CSRF vulnerability in Smoothwall Express 3.

CVE-2019-253957.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.c...

CVE-2019-253947.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi scr...

CVE-2011-52846.8

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Expres...