5.1
CVE-2019-25387 - Smoothwall Express 3.1 'xtaccess.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or COMβ¦
5.1
CVE-2019-25386 - Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IPβ¦
5.1
CVE-2019-25385 - Smoothwall Express 3.1 'outgoing.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to β¦
5.1
CVE-2019-25384 - Smoothwall Express 3.1 'portfw.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC_PORT_SELβ¦
5.1
CVE-2019-25383 - Smoothwall Express 3.1 'apcupsd.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parametersβ¦
5.1
CVE-2019-25382 - Smoothwall Express 3.1 'time.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the Nβ¦
5.1
CVE-2019-25381 - Smoothwall Express 3.1 'hosts.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payloadsβ¦
5.1
CVE-2019-25380 - Smoothwall Express 3.1 'dhcp.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters sucβ¦
5.3
CVE-2019-25379 - Smoothwall Express 3.1 'urlfilter.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to eβ¦
5.1
CVE-2019-25378 - Smoothwall Express 3.1 'proxy.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submβ¦