Smoothwall Express
cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*
- 3.1-SP4-polar-x86_64-update9
Smoothwall Express version 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint. An attacker can inject a script that then runs as arbitrary JavaScript in users' browsers. The issue is exploited by sending POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters.
Successful exploitation results in cross-site scripting: the injected script executes in the context of the user's browser.
The vulnerability can be reproduced by sending a POST request to the urlfilter.cgi endpoint with a script payload in the REDIRECT_PAGE or CHILDREN parameter. This can be done using a tool like Burp Suite or by crafting a custom script that sends the appropriate request. The injected script will be executed in the user's browser, demonstrating the cross-site scripting vulnerability.
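For detection, the same request shape can be matched in proxy or WAF logs. The following is an added example, not code from Smoothwall or from this advisory: it flags POST requests to urlfilter.cgi whose REDIRECT_PAGE or CHILDREN value contains markup. The `/cgi-bin/` path, the form-encoded body, the markup heuristic and the sample records are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

WATCHED_PARAMS = ("REDIRECT_PAGE", "CHILDREN")  # parameters named in the advisory
# Heuristic (assumption): these settings have no reason to carry markup.
MARKUP = re.compile(r"[<>\"'`]|javascript\s*:", re.IGNORECASE)


def suspicious_params(method, url, body):
    """Return the watched parameters whose decoded value looks like markup."""
    if method.upper() != "POST":
        return []
    if not urlsplit(url).path.endswith("/urlfilter.cgi"):
        return []
    fields = parse_qs(body, keep_blank_values=True)  # URL-decodes the values
    return [name for name in WATCHED_PARAMS
            if any(MARKUP.search(v) for v in fields.get(name, []))]


# Constructed sample records (method, URL, form body); not captured traffic.
SAMPLE_REQUESTS = [
    ("POST", "/cgi-bin/urlfilter.cgi", "REDIRECT_PAGE=http%3A%2F%2Fintranet.example%2Fblocked.html&CHILDREN=5"),
    ("POST", "/cgi-bin/urlfilter.cgi", "REDIRECT_PAGE=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&CHILDREN=5"),
    ("POST", "/cgi-bin/urlfilter.cgi", "REDIRECT_PAGE=&CHILDREN=5%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"),
    ("GET", "/cgi-bin/urlfilter.cgi", ""),
    ("POST", "/cgi-bin/other.cgi", "REDIRECT_PAGE=%3Cb%3E"),
]


def scan(requests):
    """Map the index of each flagged request to its suspicious parameters."""
    findings = {}
    for i, (method, url, body) in enumerate(requests):
        hits = suspicious_params(method, url, body)
        if hits:
            findings[i] = hits
    return findings


if __name__ == "__main__":
    print(scan(SAMPLE_REQUESTS))
```

Because one of the issues is stored, a hit means the saved URL filter settings should be reviewed as well as the request itself.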