{"api_version":"1","generated_at":"2026-04-23T02:25:03+00:00","cve":"CVE-2026-27508","urls":{"html":"https://cve.report/CVE-2026-27508","api":"https://cve.report/api/cve/CVE-2026-27508.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-27508","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-27508"},"summary":{"title":"Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter","description":"Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.","state":"PUBLISHED","assigner":"VulnCheck","published_at":"2026-03-30 17:16:15","updated_at":"2026-04-14 16:32:57"},"problem_types":["CWE-79","CWE-79 CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"],"metrics":[{"version":"4.0","source":"disclosure@vulncheck.com","type":"Secondary","score":"5.1","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"5.1","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"disclosure@vulncheck.com","type":"Secondary","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://community.smoothwall.org/forum/viewtopic.php?t=45095","name":"https://community.smoothwall.org/forum/viewtopic.php?t=45095","refsource":"disclosure@vulncheck.com","tags":["Product","Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redirect-cgi-via-url-parameter","name":"https://www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redirect-cgi-via-url-parameter","refsource":"disclosure@vulncheck.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-27508","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27508","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Smoothwall","product":"Express","version":"affected 3.1 Update 13 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Alex Williams from Pellera Technologies","lang":"en"},{"source":"CNA","value":"VulnCheck","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update11","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update12","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update7","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update8","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"3.1","cpe7":"update9","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"27508","vulnerable":"1","versionEndIncluding":"3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"smoothwall","cpe5":"smoothwall_express","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"27508","cve":"CVE-2026-27508","epss":"0.000310000","percentile":"0.089390000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:56"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-27508","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-03-31T17:51:51.058978Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-31T18:05:32.880Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Express","vendor":"Smoothwall","versions":[{"lessThanOrEqual":"3.1 Update 13","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Alex Williams from Pellera Technologies"},{"lang":"en","type":"coordinator","value":"VulnCheck"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link."}],"value":"Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-30T16:51:50.165Z","orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://community.smoothwall.org/forum/viewtopic.php?t=45095"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redirect-cgi-via-url-parameter"}],"source":{"discovery":"EXTERNAL"},"title":"Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter","x_generator":{"engine":"Vulnogram 1.0.0"}}},"cveMetadata":{"assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","assignerShortName":"VulnCheck","cveId":"CVE-2026-27508","datePublished":"2026-03-30T16:51:50.165Z","dateReserved":"2026-02-19T19:51:07.327Z","dateUpdated":"2026-03-31T18:05:32.880Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-30 17:16:15","lastModifiedDate":"2026-04-14 16:32:57","problem_types":["CWE-79","CWE-79 CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"F0BC090B-12A9-4A0E-9BD2-EFA56B569432"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update1:*:*:-:*:*:*","matchCriteriaId":"714B3296-7323-4920-8832-827C697ABED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update10:*:*:-:*:*:*","matchCriteriaId":"07EF8E3A-93A2-4A5A-A077-B692D7B4D92F"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update11:*:*:-:*:*:*","matchCriteriaId":"2B3D4296-EE7C-46FD-A734-419DC0BDFB7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update12:*:*:-:*:*:*","matchCriteriaId":"230A2DC9-DE28-4D18-99B8-0567CE99969C"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update2:*:*:-:*:*:*","matchCriteriaId":"5F0EED85-4850-4303-9529-E45868061C90"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update3:*:*:-:*:*:*","matchCriteriaId":"0A0D511A-9CBB-4586-BF80-AAC12101B9E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update4:*:*:-:*:*:*","matchCriteriaId":"2999F419-BAF9-4660-8983-BB5A8374450E"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update5:*:*:-:*:*:*","matchCriteriaId":"83811BB5-B833-4594-823D-C47CB8499DD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update6:*:*:-:*:*:*","matchCriteriaId":"E2A35B5F-2BFD-43D2-B0AC-EFCA7A5A8E2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update7:*:*:-:*:*:*","matchCriteriaId":"60C265FF-2CB3-4A44-9017-451D06E2CBE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update8:*:*:-:*:*:*","matchCriteriaId":"E5DB05A8-F012-4258-82B9-B42884F88722"},{"vulnerable":true,"criteria":"cpe:2.3:o:smoothwall:smoothwall_express:3.1:update9:*:*:-:*:*:*","matchCriteriaId":"D5EF08B4-276D-4EE1-A079-3A2E61FED713"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"27508","Ordinal":"1","Title":"Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi","CVE":"CVE-2026-27508","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"27508","Ordinal":"1","NoteData":"Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.","Type":"Description","Title":"Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi"}]}}}