CVE-2019-25425

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description A reflected cross-site scripting issue allows attackers to inject malicious scripts by submitting crafted input to the VIRUS ADMIN parameter. This is achieved by sending POST requests to the 'smtpconfig' endpoint with script payloads, enabling the execution of arbitrary JavaScript within the browser session of an administrator.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.