PT-2026-20819 · Cdome+1 · Comodo Dome Firewall+1

Ozer Goker · Published 2026-02-19 · Updated 2026-02-19 · CVE-2019-25416

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Comodo Dome Firewall version 2.7.0

Description: A reflected cross-site scripting issue allows attackers to inject malicious scripts by submitting crafted input. Attackers can send POST requests to the 'QoS devices management' endpoint using the device parameter to execute arbitrary JavaScript in users' browsers.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the device parameter in the 'QoS devices management' endpoint until the issue is resolved.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2019-25416

Affected Products: Comodo Dome Firewall, Dome Firewall