Smoothwall
by Smoothwall
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25379 | 0.00 | — | 0.00 | Feb 16, 2026 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or… | |||
| CVE-2019-25378 | 0.00 | — | 0.00 | Feb 16, 2026 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and… | |||
| CVE-2011-1085 | 0.00 | — | 0.00 | Feb 7, 2020 | CSRF vulnerability in Smoothwall Express 3. | |||
| CVE-2011-1084 | 0.00 | — | 0.01 | Feb 7, 2020 | A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. | |||
| CVE-2014-9431 | 0.00 | — | 0.01 | Dec 31, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. | |||
| CVE-2014-9430 | 0.00 | — | 0.01 | Dec 31, 2014 | Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. | |||
| CVE-2014-9429 | 0.00 | — | 0.01 | Dec 31, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to… | |||
| CVE-2009-0803 | 0.00 | — | 0.02 | Mar 4, 2009 | SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash,… |
- CVE-2019-25379Feb 16, 2026risk 0.00cvss —epss 0.00
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or…
- CVE-2019-25378Feb 16, 2026risk 0.00cvss —epss 0.00
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and…
- CVE-2011-1085Feb 7, 2020risk 0.00cvss —epss 0.00
CSRF vulnerability in Smoothwall Express 3.
- CVE-2011-1084Feb 7, 2020risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.
- CVE-2014-9431Dec 31, 2014risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.
- CVE-2014-9430Dec 31, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action.
- CVE-2014-9429Dec 31, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to…
- CVE-2009-0803Mar 4, 2009risk 0.00cvss —epss 0.02
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash,…
Page 2 of 2