Smoothwall: >> Smoothwall Express >> 3.0 Security Vulnerabilities
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-03-30
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-03-30
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-07
CSRF vulnerability in Smoothwall Express 3.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-02-07