Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Smoothwall Express Admin Interface Cross-Site Scripting Flaw
CVE-2019-25390
Summary
Smoothwall Express's admin interface has a security flaw that could allow hackers to inject malicious code into the system, potentially taking control of administrator sessions. This issue affects administrators who use the interface to manage settings. To protect your system, update to the latest version of Smoothwall Express.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| smoothwall | smoothwall_express | 3.1 | – |
Original title
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts throug...
Original description
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, DNS2_OVERRIDE, RED_MAC, RED_NETMASK, DEFAULT_GATEWAY, DNS1, and DNS2. Attackers can craft POST requests to interfaces.cgi with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.
nvd CVSS3.1
6.1
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- http://www.smoothwall.org Product
- https://www.exploit-db.com/exploits/46333 Exploit Third Party Advisory VDB Entry
- https://www.vulncheck.com/advisories/smoothwall-express-interfacescgi-cross-site... Broken Link
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026