exploitDog

GHSA-jw99-r2cw-rqwg

Опубликовано: 16 фев. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 6.1

Описание

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT parameters in POST requests to execute arbitrary JavaScript in users' browsers.

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT parameters in POST requests to execute arbitrary JavaScript in users' browsers.

Ссылки

EPSS

Процентиль: 30%

0.00117

Низкий

5.1 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-25388

CVSS3: 6.1

nvd

3 месяца назад

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT parameters in POST requests to execute arbitrary JavaScript in users' browsers.

EPSS

Процентиль: 30%

0.00117

Низкий

5.1 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79