Security Advisory

CVE-2026-27508

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-30 16:51:50

Last updated 2026-05-25 23:41:47

Assigner VulnCheck

State PUBLISHED

Description

Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims browsers when clicked through the unsanitized link.

← Browse all CVEs View on cve.org ↗