CVE-2026-27508
MEDIUM
Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter
Title source: cna
Description
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitization of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in a victim's browser when the victim clicks through the unsanitized link.
References (2)
Core References
Vendor Advisory (vendor-advisory, patch): https://community.smoothwall.org/forum/viewtopic.php?t=45095
Third Party Advisory (third-party-advisory): https://www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redirect-cgi-via-url-parameter
Scores
CVSS v3: 5.4
EPSS: 0.0015
EPSS Percentile: 4.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (3)
Smoothwall/Express: < 3.1 Update 13
smoothwall/smoothwall_express: 3.1 update1 (12 CPE variants)
smoothwall/smoothwall_express: < 3.0
Published: Mar 30, 2026
Tracked Since: Mar 30, 2026