CVE-2019-25415

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description A reflected cross-site scripting issue exists where attackers can inject malicious scripts by submitting unsanitized input to the 'hotspot permanent users' endpoint. This is achieved by sending POST requests containing JavaScript payloads within the MACADDRESSES parameter, leading to the execution of arbitrary scripts in the browsers of users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the MACADDRESSES parameter in the 'hotspot permanent users' endpoint until the issue is resolved.