CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-25394

HIGH
7.2
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile42.50th
Published2026年2月16日
Last Modified2026年2月20日

Vulnerability Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, and PULSE_DIAL to execute arbitrary JavaScript in users' browsers when the stored data is retrieved.

Affected Platforms (CPE)

💻
Smoothwall

Smoothwall Express

= 3.1

References & Advisories

🔗 http://www.smoothwall.org
🔗 https://www.exploit-db.com/exploits/46333
🔗 https://www.vulncheck.com/advisories/smoothwall-express-modemcgi-cross-site-scripting

相關漏洞威脅

CVE-2011-10858.8

CSRF vulnerability in Smoothwall Express 3.

CVE-2019-253957.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.c...

CVE-2019-253797.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilte...

CVE-2011-52846.8

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Expres...