CVE-2019-25405

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description A stored cross-site scripting issue exists where attackers can inject malicious scripts by submitting crafted input to the newLicense parameter. This is achieved by sending POST requests to the license activation endpoint, allowing the execution of arbitrary JavaScript in the browsers of administrators.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the license activation endpoint or avoid using the newLicense parameter until a patch is available.