58969 matches found
CVE-2019-25421
CVE-2019-25421 affects Comodo Dome Firewall 2.7.0. Affected component: policyfw endpoint. Vulnerability type: cross-site scripting (XSS) via policyfw, allowing attackers to submit POST requests containing JavaScript payloads in the mac, target, and remark parameters. This can execute arbitrary co...
CVE-2019-25420 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via snat
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or snattoip parameters to execute arbitrary...
CVE-2019-25421 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via policyfw
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...
CVE-2019-25419 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via schedule
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...
CVE-2019-25415 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via hotspot_permanent_users
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspotpermanentusers endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...
CVE-2019-25414
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execut...
CVE-2019-25412
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...
CVE-2019-25410 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via policy_routing
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute...
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
CVE-2019-25408 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via netwizard2
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
CVE-2019-25408 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via netwizard2
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
CVE-2019-25408
CVE-2019-25408 : Comodo Dome Firewall 2.7.0 has a reflected cross-site scripting vulnerability in the netwizard2 endpoint, via the netmask_addr parameter. An attacker can send crafted POST input to inject JavaScript into users’ browsers, triggering the attack without authentication. Reported CVSS...
CVE-2019-25407
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUPRCPT...
CVE-2019-25405
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense fie...
CVE-2019-25405 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via license_activation
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense fie...
CVE-2019-25406
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to...
CVE-2019-25405
CVE-2019-25405 affects Comodo Dome Firewall 2.7.0 with a stored XSS in the license activation endpoint (newLicense parameter). An attacker can send crafted input via POST to execute JavaScript in administrators’ browsers. Impact and CVSS details are provided (CVSS‑4.0: 5.3, NETWORK/LOW/LI, UI:P; ...
CVE-2019-25403
CVE-2019-25403 affects Comodo Dome Firewall 2.7.0 via a stored cross-site scripting (XSS) vulnerability in the admin_profiles endpoint. An authenticated attacker can submit crafted input in the comment parameter, causing malicious JavaScript to execute in the browsers of other users who view the ...
CVE-2019-25402 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via login
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username...
CVE-2025-15562
The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victim's browser if the victim opens a URL prepared by the attacker...