Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script payloads in the WRAP or SECTIONTITLE parameters to execute arbitrary JavaScript in victim browsers.
PUBLISHED5.2CWE-79
Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting
Problem type
Affected products
Smoothwall
Smoothwall Express
3.1 - AFFECTED
References
ExploitDB-46333
https://www.exploit-db.com/exploits/46333
Smoothwall Official Vendor Homepage
http://www.smoothwall.org
VulnCheck Advisory: Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting
https://www.vulncheck.com/advisories/smoothwall-express-smoothinfocgi-cross-site-script
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25393Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25393",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-16T17:05:06.185Z",
"dateReserved": "2026-02-16T16:35:38.500Z",
"datePublished": "2026-02-16T17:05:06.185Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-16T17:05:06.185Z"
},
"datePublic": "2019-02-06T00:00:00.000Z",
"title": "Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting",
"descriptions": [
{
"lang": "en",
"value": "Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script payloads in the WRAP or SECTIONTITLE parameters to execute arbitrary JavaScript in victim browsers."
}
],
"affected": [
{
"vendor": "Smoothwall",
"product": "Smoothwall Express",
"versions": [
{
"version": "3.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/46333",
"name": "ExploitDB-46333",
"tags": [
"exploit"
]
},
{
"url": "http://www.smoothwall.org",
"name": "Smoothwall Official Vendor Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/smoothwall-express-smoothinfocgi-cross-site-script",
"name": "VulnCheck Advisory: Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"value": "Ozer Goker",
"type": "finder"
}
]
}
}
}