{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2019-25385","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-02-16T16:30:24.995Z","datePublished":"2026-02-16T17:04:59.120Z","dateUpdated":"2026-03-05T01:26:30.120Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-05T01:26:30.120Z"},"datePublic":"2019-02-06T00:00:00.000Z","title":"Smoothwall Express 3.1 'outgoing.cgi' Cross-Site Scripting","descriptions":[{"lang":"en","value":"Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79","type":"CWE"}]}],"affected":[{"vendor":"Smoothwall","product":"Smoothwall Express","versions":[{"version":"3.1","status":"affected"}]}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:smoothwall:smoothwall:3.1:*:*:*:*:*:*:*"}]}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/46333","name":"ExploitDB-46333","tags":["exploit"]},{"url":"http://www.smoothwall.org","name":"Smoothwall Official Vendor Homepage","tags":["product"]},{"name":"VulnCheck Advisory: Smoothwall Express 3.1 'outgoing.cgi' Cross-Site Scripting","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/smoothwall-express-outgoingcgi-cross-site-scriptin"}],"credits":[{"lang":"en","value":"Ozer Goker","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-17T15:00:32.824885Z","id":"CVE-2019-25385","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-17T15:00:51.195Z"}}]}}