CVE-2019-25387 – Smoothwall Express 3.1 ‘xtaccess.cgi’ Cross-Site Scripting

CVE ID : CVE-2019-25387

Published : Feb. 16, 2026, 6:19 p.m. | 16 minutes ago

Description : Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or COMMENT parameters via POST requests to execute arbitrary JavaScript in victim browsers.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…