CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2014-9429
https://notcve.org/view.php?id=CVE-2014-9429
Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. Múltiples vulnerabilidades de XSS en Smoothwall Express 3.1 y 3.0 SP3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro PROFILENAME en una acción Save en httpd/cgi-bin/pppsetup.cgi o (2) el parámetro COMMENT en una acción Add en httpd/cgi-bin/ddns.cgi. • http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html https://exchange.xforce.ibmcloud.com/vulnerabilities/99404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2014-9431
https://notcve.org/view.php?id=CVE-2014-9431
Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. Múltiples vulnerabilidades de CSRF en Smoothwall Express 3.1 y 3.0 SP3 permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que cambian la contraseña de (1) administración o (2) dial a través de una solicitud a httpd/cgi-bin/changepw.cgi. • http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html https://exchange.xforce.ibmcloud.com/vulnerabilities/99403 • CWE-352: Cross-Site Request Forgery (CSRF) •