Smoothwall Express Reflected Cross-Site Scripting Vulnerability in Portfw.cgi

A reflected cross-site scripting vulnerability has been identified in Smoothwall Express version 3.1-SP4-polar-x86_64-update9. The issue resides in the portfw.cgi script, where unvalidated parameters allow attackers to inject malicious scripts. By submitting POST requests with script payloads in the EXT, SRC_PORT_SEL, SRC_PORT, DEST_IP, DEST_PORT_SEL, or COMMENT parameters, attackers can execute arbitrary JavaScript in the browsers of users.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to the portfw.cgi script with a payload containing a script tag, such as a JavaScript alert, in one of the following parameters: EXT, SRC_PORT_SEL, SRC_PORT, DEST_IP, DEST_PORT_SEL, or COMMENT. The injected script will be executed in the user's browser, demonstrating the cross-site scripting vulnerability.