CVE-2019-25380 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 POST Request dhcp.cgi cross site scripting (Exploit 46333)

A vulnerability marked as problematic has been reported in Smoothwall Express 3.1-SP4-polar-x86_64-update9. Affected by this vulnerability is an unknown functionality of the file dhcp.cgi of the component POST Request Handler. Performing a manipulation of the argument BOOT_SERVER/BOOT_FILE/BOOT_ROOT/START_ADDR/END_ADDR/DNS1/DNS2/NTP1/NTP2/WINS1/WINS2/DEFAULT_LEASE_TIME/MAX_LEASE_TIME/DOMAIN_NAME/NIS_DOMAIN/NIS1/NIS2/STATIC_HOST/STATIC_DESC/STATIC_MAC/STATIC_IP results in cross site scripting.

This vulnerability was named CVE-2019-25380. The attack may be initiated remotely. In addition, an exploit is available.VulDB Recent EntriesRead More