CVE-2019-25392

CVE Database · CVE-2019-25392

CVE-2019-25392

· MEDIUMAnalyzed

CVSS v3.1

6.1

CVSS v4.0

5.1

EPSS

0.24%

Published

Feb 16, 2026

Modified

Feb 20, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP parameter to execute arbitrary JavaScript in victim browsers.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

smoothwall · smoothwall_expressvulnerable

References (3)

http://www.smoothwall.org

Product

https://www.exploit-db.com/exploits/46333

ExploitThird Party AdvisoryVDB Entry

https://www.vulncheck.com/advisories/smoothwall-express-iptoolscgi-cross-site-scripting

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs