CVE-2019-25379
Received Received - Intake

Stored and Reflected XSS in Smoothwall Express urlfilter.cgi

Vulnerability report for CVE-2019-25379, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-16

Last updated on: 2026-02-20

Assigner: VulnCheck

Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in user browsers.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-16
Last Modified
2026-02-20
Generated
2026-07-06
AI Q&A
2026-02-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
smoothwall smoothwall_express 3.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Smoothwall Express 3.1-SP4-polar-x86_64-update9 and involves stored and reflected cross-site scripting (XSS) flaws in the urlfilter.cgi endpoint and other CGI scripts. Attackers can send specially crafted POST requests containing malicious JavaScript payloads in parameters such as REDIRECT_PAGE or CHILDREN. Because these inputs are not properly sanitized, the malicious scripts can be injected and executed in the browsers of users accessing the affected web interface.

The XSS vulnerabilities allow attackers to run arbitrary JavaScript code within the context of the Smoothwall web interface, potentially compromising user sessions or causing other malicious effects.

Impact Analysis

This vulnerability can lead to attackers executing arbitrary JavaScript in the browsers of users interacting with the Smoothwall Express web interface. Such execution can result in session hijacking, where attackers steal user session tokens, defacement of the web interface, or other malicious actions that compromise the integrity and security of the system.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending crafted HTTP POST requests to the urlfilter.cgi endpoint on port 81 of the Smoothwall Express 3.1-SP4-polar-x86_64-update9 system. The requests should include malicious script payloads in parameters such as REDIRECT_PAGE or CHILDREN to test for cross-site scripting (XSS) vulnerabilities.'}, {'type': 'paragraph', 'content': "For example, you can use curl commands to send POST requests with JavaScript payloads like `'><script>alert(1)</script>` in the vulnerable parameters and observe if the script executes or is reflected in the response."}, {'type': 'list_item', 'content': 'curl -X POST http://<target-ip>:81/urlfilter.cgi -d "REDIRECT_PAGE=\'><script>alert(1)</script>"'}, {'type': 'list_item', 'content': 'curl -X POST http://<target-ip>:81/urlfilter.cgi -d "CHILDREN=\'><script>alert(1)</script>"'}, {'type': 'paragraph', 'content': 'If the response or the web interface executes or reflects the injected script, it indicates the presence of the XSS vulnerability.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected web interface, especially the urlfilter.cgi endpoint on port 81, to trusted users only.

Additionally, avoid using the vulnerable parameters (such as REDIRECT_PAGE and CHILDREN) with untrusted input and monitor for suspicious POST requests targeting these parameters.

Since the vulnerability arises from improper input sanitization, applying any available patches or updates from the vendor that address these XSS issues is critical.

If patches are not available, consider implementing web application firewall (WAF) rules to detect and block malicious script payloads in POST requests.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25379. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart