Filtered by vendor Smoothwall
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25378 | 1 Smoothwall | 2 Smoothwall, Smoothwall Express | 2026-03-05 | 6.1 Medium |
| Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST requests with script payloads to store or reflect arbitrary JavaScript code that executes in users' browsers when the proxy configuration page is accessed. | ||||
| CVE-2011-5283 | 1 Smoothwall | 1 Smoothwall | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. | ||||
| CVE-2011-5284 | 1 Smoothwall | 1 Smoothwall | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. | ||||
| CVE-2014-9431 | 1 Smoothwall | 1 Smoothwall | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. | ||||
| CVE-2014-9430 | 1 Smoothwall | 1 Smoothwall | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. | ||||
| CVE-2014-9429 | 1 Smoothwall | 1 Smoothwall | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. | ||||
| CVE-2011-1085 | 1 Smoothwall | 1 Smoothwall Express | 2024-11-21 | 8.8 High |
| CSRF vulnerability in Smoothwall Express 3. | ||||
| CVE-2011-1084 | 1 Smoothwall | 1 Smoothwall Express | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. | ||||