Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Smoothwall Express: Unauthenticated Attackers Can Inject Malicious Scripts
CVE-2019-25388
Summary
The Smoothwall Express firewall's web interface has a security flaw that allows hackers to inject malicious code into users' web browsers without needing a password. This could lead to unauthorized actions on the network. To stay secure, update to the latest version of Smoothwall Express.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| smoothwall | smoothwall_express | 3.1 | – |
Original title
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input...
Original description
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT parameters in POST requests to execute arbitrary JavaScript in users' browsers.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- http://www.smoothwall.org Product
- https://www.exploit-db.com/exploits/46333 Exploit Third Party Advisory VDB Entry
- https://www.vulncheck.com/advisories/smoothwall-express-ipblockcgi-cross-site-sc... Broken Link
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026