CVE-2019-25395

CVE Database · CVE-2019-25395

CVE-2019-25395

· HIGHAnalyzed

CVSS v3.1

7.2

CVSS v4.0

5.3

EPSS

0.22%

Published

Feb 16, 2026

Modified

Feb 20, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloads to preferences.cgi to store malicious code that executes in the browsers of users accessing the preferences page.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

smoothwall · smoothwall_expressvulnerable

References (3)

http://www.smoothwall.org

Product

https://www.exploit-db.com/exploits/46333

ExploitThird Party AdvisoryVDB Entry

https://www.vulncheck.com/advisories/smoothwall-express-preferencescgi-cross-site-scrip

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs