Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Smoothwall Express: Malicious Scripts Injected via Web Interface
CVE-2019-25381
Summary
The Smoothwall Express web interface has a security weakness that allows hackers to inject malicious code into a user's web browser if they submit a specially crafted request. This could potentially allow the hacker to steal sensitive information or take control of the user's computer. To protect against this, ensure your Smoothwall Express software is up to date with the latest security patches.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| smoothwall | smoothwall_express | 3.1 | – |
Original title
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unv...
Original description
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payloads in the IP, HOSTNAME, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- http://www.smoothwall.org Product
- https://www.exploit-db.com/exploits/46333 Exploit Third Party Advisory VDB Entry
- https://www.vulncheck.com/advisories/smoothwall-express-hostscgi-cross-site-scri... Broken Link
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026