29 matches found
CVE-2019-25413
Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability where unauthenticated attackers can inject JavaScript via the ID parameter on the /manage/ips/rules/ endpoint. The issue allows execution of arbitrary scripts in victim browsers, with CVSS metrics indicating ...
CVE-2019-25411
CVE-2019-25411 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting vulnerability in the DHCP configuration endpoint. The vulnerability is triggered by manipulating the GATEWAY_GREEN parameter and submitting POST requests, allowing an attacker to inject and execute arbitrary J...
CVE-2019-25415
Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the hotspot_permanent_users endpoint. An attacker can submit unsanitized input via MACADDRESSES in a POST to inject JavaScript that runs in users’ browsers. CVSS metrics: CVSSv3.1 base 6.1 (NETWORK, LOW complexity, NONE privileges, USER...
CVE-2019-25409
CVE-2019-25409 concerns Comodo Dome Firewall 2.7.0, with a reflected cross-site scripting vulnerability exploiting the destination parameter at the routing endpoint. The description states that attackers can send POST requests to the routing endpoint containing script payloads in the destination ...
CVE-2019-25430
Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the vpn_users endpoint. An unauthenticated attacker can submit crafted input in the username parameter via a POST request to trigger arbitrary JavaScript in a victim’s browser. CVSS v4.0 and v3.1 vectors are provided, with base scores o...
CVE-2019-25406
Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting (XSS) vulnerability in the organization parameter affecting the korugan/cmclient endpoint. The attack could deliver arbitrary JavaScript in users’ browsers, with CVSS 4.0 metrics: base score 5.1 (Network, N/AC/L; user inte...
CVE-2019-25412
CVE-2019-25412 concerns Comodo Dome Firewall 2.7.0, which contains a reflected cross-site scripting (XSS) vulnerability. The issue arises via the NTP_SERVER_LIST parameter in POST requests to the /korugan/time endpoint, allowing an attacker to submit unsanitized input that can execute arbitrary J...
CVE-2019-25407
CVE-2019-25407 concerns Comodo Dome Firewall 2.7.0, where a reflected cross-site scripting vulnerability exists in the backupschedule interface. The issue allows an attacker to submit crafted input via POST to the backupschedule endpoint (BACKUP_RCPTTO) to execute arbitrary JavaScript in end user...
CVE-2019-25427
CVE-2019-25427 affects Comodo Dome Firewall 2.7.0, reporting a reflected cross-site scripting vulnerability in the antispyware endpoint. The issue allows an attacker to inject JavaScript by submitting crafted input via POST requests containing payloads in the DNSMASQ_WHITELIST or DNSMASQ_BLACKLIS...
CVE-2019-25404
CVE-2019-25404 affects Comodo Dome Firewall 2.7.0. The vulnerability is a stored XSS in the admin interface, exploitable by an authenticated attacker who submits crafted input to /korugan/admins via POST, injecting scripts into admin_name, name, or surname. The payload is stored and executed when...
CVE-2019-25408
CVE-2019-25408: Comodo Dome Firewall 2.7.0 has a reflected cross-site scripting vulnerability in the netwizard2 endpoint, via the netmask_addr parameter. An attacker can send crafted POST input to inject JavaScript into users’ browsers, triggering the attack without authentication. Reported CVSS...
CVE-2019-25414
CVE-2019-25414 affects Comodo Dome Firewall 2.7.0. It is a reflected cross-site scripting vulnerability that lets unauthenticated attackers inject arbitrary JavaScript by sending payloads in the ID parameter to /manage/ips/appid/. The CVSS metrics indicate Network access, low attack complexity, n...
CVE-2019-25416
CVE-2019-25416 affects Comodo Dome Firewall 2.7.0, where a reflected cross-site scripting vulnerability exists in the device parameter. The issue arises when an attacker submits crafted input to the QoS devices management endpoint via POST requests, enabling execution of arbitrary JavaScript in u...
CVE-2019-25420
CVE-2019-25420 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting flaw exposed via the snat endpoint. The vulnerability allows attackers to inject JavaScript by submitting crafted input to snat, specifically through POST requests containing payloads in the port or snat_to_ip...
CVE-2019-25425
CVE-2019-25425 describes a reflected cross-site scripting vulnerability in Comodo Dome Firewall 2.7.0. The issue arises via the smtpconfig endpoint, where an attacker can submit crafted input to the VIRUS_ADMIN parameter and perform POST requests to inject JavaScript that executes in an administ...
CVE-2019-25428
CVE-2019-25428 affects Comodo Dome Firewall 2.7.0. Affected component: openvpn_users endpoint. Root cause: reflected cross-site scripting via crafted POST parameters (username, remotenets, explicitroutes, static_ip, custom_dns, custom_domain) enabling arbitrary JavaScript in users’ browsers. Impa...
CVE-2019-25429
CVE-2019-25429: Affected product is Comodo Dome Firewall 2.7.0. The vulnerability is a reflected cross-site scripting (XSS) flaw in the openvpn_advanced endpoint, allowing an attacker to inject JavaScript into a victim’s browser by submitting crafted input through the GLOBAL_NETWORKS and GLOBAL_...
CVE-2019-25402
CVE-2019-25402 affects Comodo Dome Firewall 2.7.0. The issue is a reflected cross-site scripting vulnerability where unauthenticated attackers can inject arbitrary JavaScript by sending crafted input to the username field at the login endpoint. Attack vectors described indicate POST requests with...
CVE-2019-25423
CVE-2019-25423 affects Comodo Dome Firewall 2.7.0 with reflected XSS in the /korugan/proxyconfig endpoint. The vulnerability arises from crafted POST parameters (e.g., PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, DST_NOCACHE) that can inject JavaScript, allowin...
CVE-2019-25403
CVE-2019-25403 affects Comodo Dome Firewall 2.7.0 via a stored cross-site scripting (XSS) vulnerability in the admin_profiles endpoint. An authenticated attacker can submit crafted input in the comment parameter, causing malicious JavaScript to execute in the browsers of other users who view the ...
CVE-2019-25410
CVE-2019-25410 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting vulnerability in the policy_routing endpoint. The flaw permits attackers to inject JavaScript via the source and destination parameters in POST requests, potentially executing in users’ browsers. CVSS scores a...
CVE-2019-25417
The CVE concerns Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting flaw in the QoS rules management endpoint. Attackers can submit crafted input in the protocol parameter via POST requests, causing JavaScript to execute in administrator browsers. Root cause: input reflected into a ...
CVE-2019-25418
CVE-2019-25418 affects Comodo Dome Firewall 2.7.0, with a reflected cross-site scripting vulnerability in the FWADDRESSES parameter. Attackers can submit crafted input via POST to the /korugan/fwgroups endpoint, causing arbitrary JavaScript execution in users’ browsers and potential session data ...
CVE-2019-25405
CVE-2019-25405 affects Comodo Dome Firewall 2.7.0 with a stored XSS in the license activation endpoint (newLicense parameter). An attacker can send crafted input via POST to execute JavaScript in administrators’ browsers. Impact and CVSS details are provided (CVSS‑4.0: 5.3, NETWORK/LOW/LI, UI:P; ...
CVE-2019-25421
CVE-2019-25421 affects Comodo Dome Firewall 2.7.0. Affected component: policyfw endpoint. Vulnerability type: cross-site scripting (XSS) via policyfw, allowing attackers to submit POST requests containing JavaScript payloads in the mac, target, and remark parameters. This can execute arbitrary co...
CVE-2019-25424
CVE-2019-25424 affects Comodo Dome Firewall 2.7.0. It describes a reflected cross-site scripting vulnerability in the https_exceptions endpoint, where unsanitized input to the EXCEPTIONSITELIST parameter can be posted to trigger JavaScript in users’ browsers and potentially capture session data. ...
CVE-2019-25426
Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability in the dnsmasq endpoint. The issue allows an attacker to inject and execute arbitrary JavaScript in a user’s browser by sending crafted input via POST requests to the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_...
CVE-2019-25419
CVE-2019-25419 affects Comodo Dome Firewall 2.7.0 and describes a stored cross-site scripting flaw in the schedule endpoint. An attacker can submit POST requests containing JavaScript payloads in the SCHNAME parameter, which may execute in administrators’ browsers when the schedule page is viewed...
CVE-2019-25422
CVE-2019-25422 affects Comodo Dome Firewall 2.7.0 and describes cross-site scripting vulnerabilities in the vpnfw endpoint. The weakness allows attackers to inject scripts via the target parameter (reflected XSS) or the remark parameter (stored XSS), potentially leading to execution of arbitrary ...