CVE-2019-25383

6.1 MEDIUM

📋 TL;DR

This CVE describes multiple reflected cross-site scripting (XSS) vulnerabilities in Smoothwall Express's apcupsd.cgi script. Attackers can inject JavaScript through several POST parameters, which is reflected into the response and executes in a victim's browser when the victim is tricked into submitting a crafted request. Organizations running vulnerable Smoothwall Express versions are affected.

💻 Affected Systems

Products:
  • Smoothwall Express
Versions: 3.1-SP4-polar-x86_64-update9 and likely earlier versions
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The apcupsd.cgi script must be accessible and the UPS monitoring feature likely enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on administrator systems.

🟠 Likely Case

Session hijacking of Smoothwall administrators leading to unauthorized configuration changes, network compromise, or credential theft.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though any remaining XSS still poses session theft risks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 46333), making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://www.smoothwall.org

Restart Required: No

Instructions:

Check Smoothwall Express vendor site for updates. If no patch exists, implement workarounds or upgrade to a supported version.

🔧 Temporary Workarounds

Input Validation Filter (platform: linux)

Implement input validation to sanitize POST parameters in the apcupsd.cgi script: modify /usr/lib/smoothwall/apcupsd.cgi to validate/sanitize parameters such as BATTLEVEL, RTMIN, etc.

Web Application Firewall (platform: all)

Deploy WAF rules to block XSS payloads in POST requests to apcupsd.cgi, and configure the WAF to filter malicious scripts in parameter values.

🧯 If You Can't Patch

  • Restrict access to apcupsd.cgi script using firewall rules or authentication
  • Disable UPS monitoring feature if not required

🔍 How to Verify

Check if Vulnerable:

Test by sending POST requests with script payloads to /cgi-bin/apcupsd.cgi and checking if scripts execute

Check Version:

cat /etc/smoothwall/version

Verify Fix Applied:

Verify input validation prevents script execution by testing with XSS payloads

📡 Detection & Monitoring

Log Indicators:

  • POST requests to apcupsd.cgi with script tags or JavaScript in parameters
  • Unusual parameter values in web logs

Network Indicators:

  • HTTP POST requests containing <script> tags or JavaScript functions in parameter values

SIEM Query:

source="web_logs" AND uri="/cgi-bin/apcupsd.cgi" AND (param="BATTLEVEL" OR param="RTMIN" OR param="BATTDELAY") AND (value CONTAINS "<script>" OR value CONTAINS "javascript:")
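Added example (not from the advisory or from Smoothwall): a defender-side script covering both the input-validation workaround and the detection section above. It allowlists the three named parameters as integers and scans constructed proxy log lines for payloads, matching only after percent-decoding, which a literal "<script>" search in the SIEM query would miss. The log format and the numeric nature of the parameters are assumptions.

```python
import re
from urllib.parse import parse_qs

# Parameters the advisory names as reflected. Treating them as integer-only
# is an assumption; confirm against how apcupsd.cgi actually uses them.
NUMERIC_PARAMS = {"BATTLEVEL", "RTMIN", "BATTDELAY"}

# Patterns flagged after decoding: script tags, javascript: URLs and inline
# event handlers. Case-insensitive because browsers are.
PAYLOAD_RE = re.compile(r"<\s*/?\s*script|javascript\s*:|on\w+\s*=", re.I)


def is_valid_param(name, value):
    """Allowlist for the numeric parameters; a denylist stopgap for others."""
    if name in NUMERIC_PARAMS:
        return re.fullmatch(r"\d{1,5}", value) is not None
    return PAYLOAD_RE.search(value) is None


def find_xss_in_body(body):
    """Return names of parameters whose decoded value looks like a payload."""
    hits = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if any(PAYLOAD_RE.search(v) for v in values):
            hits.append(name)
    return hits


# Constructed log lines in the form "METHOD URI BODY", as a reverse proxy
# that logs request bodies might write them (stock access logs omit bodies).
SAMPLE_LOG = [
    "POST /cgi-bin/apcupsd.cgi BATTLEVEL=5&RTMIN=3&BATTDELAY=0",
    "POST /cgi-bin/apcupsd.cgi BATTLEVEL=%3Cscript%3Ealert(1)%3C%2Fscript%3E&RTMIN=3",
    "POST /cgi-bin/apcupsd.cgi RTMIN=%22+onmouseover%3Dalert(1)+x%3D%22",
    "GET /cgi-bin/apcupsd.cgi ",
]


def scan_log(lines):
    """Return (line_no, flagged_params) for POSTs to apcupsd.cgi with payloads."""
    findings = []
    for n, line in enumerate(lines, 1):
        method, uri, body = (line.split(" ", 2) + ["", "", ""])[:3]
        if method != "POST" or not uri.endswith("/apcupsd.cgi"):
            continue
        hits = find_xss_in_body(body)
        if hits:
            findings.append((n, hits))
    return findings
```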
