← Back

CVE-2026-27508

nvd nist
Published: Mar 30, 2026Modified: Apr 14, 2026

JSON object

Loading...
5.1
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.

Affected (13)

Smoothwall
1 product
Smoothwall Express
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Smoothwall
Smoothwall Express
Up to 3.0
Smoothwall Express
Version 3.1 update10
Smoothwall Express
Version 3.1 update11
Smoothwall Express
Version 3.1 update12
Smoothwall Express
Version 3.1 update1
Smoothwall Express
Version 3.1 update2
Smoothwall Express
Version 3.1 update3
Smoothwall Express
Version 3.1 update4
Smoothwall Express
Version 3.1 update5
Smoothwall Express
Version 3.1 update6
Smoothwall Express
Version 3.1 update7
Smoothwall Express
Version 3.1 update8
Smoothwall Express
Version 3.1 update9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: disclosure@vulncheck.com
ProductRelease Notes
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.