CVE-2019-25421

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description Cross-site scripting issues allow attackers to inject malicious scripts via the "/policyfw" endpoint. By submitting POST requests containing JavaScript payloads in the mac, target, and remark parameters, attackers can execute arbitrary code in administrator browsers or store persistent scripts within the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the mac, target, and remark parameters in the "/policyfw" endpoint until the issue is resolved.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-25421

Affected Products

Comodo Dome Firewall

Dome Firewall

CVE-2019-25421

Weakness Enumeration

Related Identifiers

Affected Products

References · 6