CVE-2019-25427

Name of the Vulnerable Software and Affected Versions Comodo Dome Firewall version 2.7.0

Description A reflected cross-site scripting issue exists where attackers can inject malicious scripts by submitting crafted input to the 'antispyware' endpoint. By sending POST requests containing JavaScript payloads in the DNSMASQ WHITELIST or DNSMASQ BLACKLIST parameters, arbitrary code can be executed within the browsers of users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the 'antispyware' endpoint or avoid using the DNSMASQ WHITELIST and DNSMASQ BLACKLIST parameters until a patch is available.