CVE-2019-25390 – Smoothwall Express 3.1 ‘interfaces.cgi’ Cross-Site Scripting

CVE ID : CVE-2019-25390

Published : Feb. 16, 2026, 6:19 p.m. | 16 minutes ago

Description : Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, DNS2_OVERRIDE, RED_MAC, RED_NETMASK, DEFAULT_GATEWAY, DNS1, and DNS2. Attackers can craft POST requests to interfaces.cgi with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-2439 – Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

CVE-2025-15578 – Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely

CVE-2026-2474 – Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

CVE-2026-2001 – WowRevenue