CVE-2019-25387 – Smoothwall Express 3.1 ‘xtaccess.cgi’ Cross-Site Scripting

CVE ID : CVE-2019-25387

Published : Feb. 16, 2026, 6:19 p.m. | 16 minutes ago

Description : Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or COMMENT parameters via POST requests to execute arbitrary JavaScript in victim browsers.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-2439 – Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

CVE-2025-15578 – Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely

CVE-2026-2474 – Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

CVE-2026-2001 – WowRevenue