Medium severity5.4NVD Advisory· Published Mar 30, 2026· Updated Apr 14, 2026
CVE-2026-27508
CVE-2026-27508
Description
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.
Affected products
13cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*range: <=3.0
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update1:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update10:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update11:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update12:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update2:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update3:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update4:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update5:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update6:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update7:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update8:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update9:*:*:-:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redirect-cgi-via-url-parameternvdThird Party Advisory
- community.smoothwall.org/forum/viewtopic.phpnvdProductRelease Notes
News mentions
0No linked articles in our index yet.