Vendor
Smoothwall
Products
5
CVEs
9
Across products
39
Status
Private
Products
5- 26 CVEs
- 10 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27508 | Med | 0.35 | 5.4 | 0.00 | Mar 30, 2026 | Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link. | |
| CVE-2026-26352 | Med | 0.35 | 5.4 | 0.00 | Mar 30, 2026 | Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users. | |
| CVE-2003-0209 | 0.08 | — | 0.57 | May 5, 2003 | Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. | ||
| CVE-2011-5284 | 0.03 | — | 0.00 | Dec 31, 2014 | Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. | ||
| CVE-2011-5283 | 0.03 | — | 0.03 | Dec 31, 2014 | Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. | ||
| CVE-2014-9431 | 0.00 | — | 0.00 | Dec 31, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. | ||
| CVE-2014-9430 | 0.00 | — | 0.00 | Dec 31, 2014 | Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. | ||
| CVE-2014-9429 | 0.00 | — | 0.00 | Dec 31, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. | ||
| CVE-2009-0803 | 0.00 | — | 0.01 | Mar 4, 2009 | SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. |