CVE-2019-25420

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description A reflected cross-site scripting issue exists where attackers can inject malicious scripts by submitting crafted input to the 'snat' endpoint. This is achieved by sending POST requests containing JavaScript payloads within the port or snat to ip parameters, leading to the execution of arbitrary scripts in the browsers of users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the 'snat' endpoint or avoid using the port and snat to ip parameters until a patch is available.