PT-2026-20831 · Cdome+1 · Comodo Dome Firewall+1

Ozer Goker · Published 2026-02-19 · Updated 2026-02-19 · CVE-2019-25428

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Comodo Dome Firewall version 2.7.0

Description: Reflected cross-site scripting occurs in the "openvpn users" endpoint. This allows attackers to execute arbitrary JavaScript in users' browsers by submitting crafted POST requests containing script payloads in the username, remotenets, explicitroutes, static ip, custom dns, or custom domain parameters.

Recommendations: As a temporary workaround, restrict access to the "openvpn users" endpoint or avoid using the username, remotenets, explicitroutes, static ip, custom dns, and custom domain parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25428

Affected Products

Comodo Dome Firewall
Dome Firewall