VYPR

Express 3.1

by Smoothwall

CVEs (9)

  • CVE-2011-1085HigFeb 7, 2020
    risk 0.57cvss 8.8epss 0.00

    CSRF vulnerability in Smoothwall Express 3.

  • CVE-2011-1084MedFeb 7, 2020
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.

  • CVE-2011-5284Dec 31, 2014
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request…

  • CVE-2019-25385Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with…

  • CVE-2019-25380Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script…

  • CVE-2019-25379Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or…

  • CVE-2014-9431Dec 31, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.

  • CVE-2014-9430Dec 31, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action.

  • CVE-2014-9429Dec 31, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to…