Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Smoothwall Express: Vulnerability Allows Malicious Script Injection
CVE-2019-25386
Summary
Smoothwall Express has a security flaw that allows hackers to inject malicious code into users' browsers if they visit a specially crafted website. This can lead to unauthorized access to sensitive information or take control of users' computers. To protect yourself, update your Smoothwall Express software to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| smoothwall | smoothwall_express | 3.1 | – |
Original title
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through ...
Original description
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- http://www.smoothwall.org Product
- https://www.exploit-db.com/exploits/46333 Exploit Third Party Advisory VDB Entry
- https://www.vulncheck.com/advisories/smoothwall-express-dmzholescgi-cross-site-s... Broken Link
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026