VYPR
Vendor

Smoothwall

Products
5
CVEs
28
Across products
40
Status
Private

Products

5

Recent CVEs

28
View all 28 CVEs →
  • CVE-2026-27508MedMar 30, 2026
    risk 0.35cvss 5.4epss 0.00

    Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript…

  • CVE-2026-26352MedMar 30, 2026
    risk 0.35cvss 5.4epss 0.00

    Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration…

  • CVE-2003-0209May 5, 2003
    risk 0.06cvss epss 0.38

    Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.

  • CVE-2011-5284Dec 31, 2014
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request…

  • CVE-2011-5283Dec 31, 2014
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.

  • CVE-2019-25395Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests…

  • CVE-2019-25394Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP,…

  • CVE-2019-25393Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi…

  • CVE-2019-25392Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script…

  • CVE-2019-25390Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME,…

  • CVE-2019-25389Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES parameter. Attackers can craft requests to the timedaccess.cgi endpoint with…

  • CVE-2019-25388Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP…

  • CVE-2019-25387Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the…

  • CVE-2019-25386Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in…

  • CVE-2019-25385Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with…

  • CVE-2019-25384Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in…

  • CVE-2019-25383Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script…

  • CVE-2019-25382Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. Attackers can send POST requests to the time.cgi endpoint with…

  • CVE-2019-25381Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint…

  • CVE-2019-25380Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script…