CVE-2019-25388

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-25388

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25388.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-25388

Withdrawn

2026-05-04T08:33:07.928851Z

Published

2026-02-16T18:19:43.473Z

Modified

2026-05-04T08:33:07.928851Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT parameters in POST requests to execute arbitrary JavaScript in users' browsers.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.1-sp4"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25388.json"