Volerion logoVolerion
Volerion logoVolerion

Smoothwall Express Reflected Cross-Site Scripting Vulnerability in redirect.cgi

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Smoothwall Express versions prior to 3.1 Update 13. The issue resides in the /redirect.cgi endpoint, where the url parameter is not properly sanitized. This flaw allows attackers to create malicious URLs with javascript: schemes that, when clicked, execute arbitrary JavaScript in the victims' browsers via the unsanitized link.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users can update to Smoothwall Express 3.1 Update 13, which addresses this vulnerability by improving the sanitation of the url parameter in the redirect.cgi endpoint. After installing the update, a reboot is required to apply all changes.

Added: Mar 30, 2026, 5:24 PM
Updated: Mar 30, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
1.7
exploitability
5.8
remediation
7.7
relevance
4.9
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.