CVE-2019-25395

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-25395
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloads to preferences.cgi to store malicious code that executes in the browsers of users accessing the preferences page.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
http://www.smoothwall.org Product
https://www.exploit-db.com/exploits/46333 Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/smoothwall-express-preferencescgi-cross-site-scrip Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:o:smoothwall:smoothwall_express:3.1:sp4:*:*:-:*:*:*
History

20 Feb 2026, 16:31

Type Values Removed Values Added
CPE cpe:2.3:o:smoothwall:smoothwall_express:3.1:sp4:*:*:-:*:*:*
First Time Smoothwall smoothwall Express
Smoothwall
References () http://www.smoothwall.org - () http://www.smoothwall.org - Product
References () https://www.exploit-db.com/exploits/46333 - () https://www.exploit-db.com/exploits/46333 - Exploit, Third Party Advisory, VDB Entry
References () https://www.vulncheck.com/advisories/smoothwall-express-preferencescgi-cross-site-scrip - () https://www.vulncheck.com/advisories/smoothwall-express-preferencescgi-cross-site-scrip - Broken Link

18 Feb 2026, 17:52

Type Values Removed Values Added
Summary
  • (es) Smoothwall Express 3.1-SP4-polar-x86_64-update9 contiene múltiples vulnerabilidades de cross-site scripting almacenado en el script preferences.cgi que permiten a los atacantes inyectar scripts maliciosos a través de los parámetros HOSTNAME, KEYMAP y OPENNESS. Los atacantes pueden enviar solicitudes POST con cargas útiles de script a preferences.cgi para almacenar código malicioso que se ejecuta en los navegadores de los usuarios que acceden a la página de preferencias.

16 Feb 2026, 18:19

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-16 18:19

Updated : 2026-02-20 16:31

NVD link : CVE-2019-25395

Mitre link : CVE-2019-25395

CVE.ORG link : CVE-2019-25395

JSON object : View

Products Affected

smoothwall

  • smoothwall_express
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')