{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T16:49:40.180","vulnerabilities":[{"cve":{"id":"CVE-2019-25385","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-16T18:19:42.967","lastModified":"2026-02-20T16:26:41.493","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data."},{"lang":"es","value":"Smoothwall Express 3.1-SP4-polar-x86_64-update9 contiene una vulnerabilidad de cross-site scripting reflejada que permite a los atacantes inyectar scripts maliciosos manipulando los parámetros MACHINE y MACHINECOMMENT. Los atacantes pueden enviar solicitudes POST al endpoint outgoing.cgi con cargas útiles de script para ejecutar JavaScript arbitrario en los navegadores de los usuarios y robar datos de sesión."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:sp4:*:*:-:*:*:*","matchCriteriaId":"183208FD-DEB7-4290-ABF0-5CF4A4A50ADF"}]}]}],"references":[{"url":"http://www.smoothwall.org","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.exploit-db.com/exploits/46333","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.vulncheck.com/advisories/smoothwall-express-outgoingcgi-cross-site-scriptin","source":"disclosure@vulncheck.com","tags":["Broken Link"]}]}}]}