Medium severity5.4NVD Advisory· Published Mar 30, 2026· Updated Apr 14, 2026
CVE-2026-27508
CVE-2026-27508
Description
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*range: <=3.0
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update1:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update10:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update11:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update12:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update2:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update3:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update4:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update5:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update6:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update7:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update8:*:*:-:*:*:*
- cpe:2.3:o:smoothwall:smoothwall_express:3.1:update9:*:*:-:*:*:*
Patches
Vulnerability mechanics
References
2- www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redirect-cgi-via-url-parameternvdThird Party Advisory
- community.smoothwall.org/forum/viewtopic.phpnvdProductRelease Notes
News mentions
0No linked articles in our index yet.