vendor:
SmoothWall Express
by:
Anonymous
7.8
CVSS
HIGH
Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF)
79
CWE
Product Name: SmoothWall Express
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: CVE-2020-12345
CPE: a:smoothwall:smoothwall_express:3.0
Metasploit:
N/A
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=142058, https://www.infosecmatter.com/nessus-plugin-library/?id=106846, https://www.infosecmatter.com/nessus-plugin-library/?id=106845, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/hp/data_protector_rds, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/tftp/attftp_long_filename, https://www.infosecmatter.com/nessus-plugin-library/?id=94365, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/windows/http/ms10_065_ii6_asp_dos, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/misc/nettransport, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/dos/http/apache_range_dos, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/udp/udp_amplification
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2020
SmoothWall Express 3.0 xss and csrf
The web management interface of SmoothWall Express 3.0 is vulnerable to XSS and CSRF. An attacker can exploit this vulnerability by sending a malicious script to the web management interface of SmoothWall Express 3.0. The malicious script can be used to execute arbitrary code on the vulnerable system. For CSRF, an attacker can send a malicious request to the web management interface of SmoothWall Express 3.0, which can be used to execute arbitrary code on the vulnerable system.
Mitigation:
The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.