CVE-2019-25392

MEDIUM

Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Unauthenticated Reflected Cross-Site Scripting via IP Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25392. PoCs published by Ozer Goker.

AI-analyzed exploit summary This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Smoothwall Express 3.1-SP4-polar-x86_64-update9. The payloads are simple JavaScript alerts injected into various parameters of CGI scripts.

Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP parameter to execute arbitrary JavaScript in victim browsers.

Exploits (1)

exploitdb WORKING POC
by Ozer Goker · textwebappscgi
https://www.exploit-db.com/exploits/46333

This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Smoothwall Express 3.1-SP4-polar-x86_64-update9. The payloads are simple JavaScript alerts injected into various parameters of CGI scripts.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Smoothwall Express 3.1-SP4-polar-x86_64-update9
No auth needed
Prerequisites: Access to the web interface of the target Smoothwall Express instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46333
Various Sources product
http://www.smoothwall.org

Scores

CVSS v3 6.1
EPSS 0.0024
EPSS Percentile 15.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
smoothwall/smoothwall_express 3.1 sp4
Published Feb 16, 2026
Tracked Since Feb 18, 2026