CVE-2019-25404

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Specifically, script payloads can be injected into the admin name, name, and surname parameters via POST requests to the '/korugan/admins' endpoint. These scripts are stored and subsequently executed when administrators access the interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.