CVE-2019-25419

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description A stored cross-site scripting issue exists where attackers can inject malicious scripts by submitting crafted input to the 'schedule' endpoint. By sending POST requests containing JavaScript payloads in the SCHNAME parameter, arbitrary code can be executed in the browsers of administrators when they access the schedule page.

Recommendations As a temporary workaround, avoid using the SCHNAME parameter in the 'schedule' endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.