HackTesting

CVE-2019-25386

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.

Credits

Ozer Goker

References

https://www.exploit-db.com/exploits/46333
http://www.smoothwall.org
https://www.vulncheck.com/advisories/smoothwall-express-dmzholescgi-cross-site-scriptin