CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-25395

HIGH
7.2
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile38.05th
Published2026年2月16日
Last Modified2026年2月20日

Vulnerability Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloads to preferences.cgi to store malicious code that executes in the browsers of users accessing the preferences page.

Affected Platforms (CPE)

💻
Smoothwall

Smoothwall Express

= 3.1

References & Advisories

🔗 http://www.smoothwall.org
🔗 https://www.exploit-db.com/exploits/46333
🔗 https://www.vulncheck.com/advisories/smoothwall-express-preferencescgi-cross-site-scrip

相关漏洞威胁

CVE-2011-10858.8

CSRF vulnerability in Smoothwall Express 3.

CVE-2019-253947.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi scr...

CVE-2019-253797.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilte...

CVE-2011-52846.8

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Expres...