Lucene search
K
ComodoDome Firewall

29 matches found

CVE
CVE
added 2026/02/19 12:2 p.m.27 views

CVE-2019-25413

Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability where unauthenticated attackers can inject JavaScript via the ID parameter on the /manage/ips/rules/ endpoint. The issue allows execution of arbitrary scripts in victim browsers, with CVSS metrics indicating ...

6.1CVSS5.6AI score0.00384EPSS
Web
CVE
CVE
added 2026/02/19 12:2 p.m.22 views

CVE-2019-25411

CVE-2019-25411 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting vulnerability in the DHCP configuration endpoint. The vulnerability is triggered by manipulating the GATEWAY_GREEN parameter and submitting POST requests, allowing an attacker to inject and execute arbitrary J...

6.1CVSS5.6AI score0.00344EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.19 views

CVE-2019-25415

Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the hotspot_permanent_users endpoint. An attacker can submit unsanitized input via MACADDRESSES in a POST to inject JavaScript that runs in users’ browsers. CVSS metrics: CVSSv3.1 base 6.1 (NETWORK, LOW complexity, NONE privileges, USER...

6.1CVSS5.6AI score0.00384EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.17 views

CVE-2019-25409

CVE-2019-25409 concerns Comodo Dome Firewall 2.7.0, with a reflected cross-site scripting vulnerability exploiting the destination parameter at the routing endpoint. The description states that attackers can send POST requests to the routing endpoint containing script payloads in the destination ...

6.1CVSS5.6AI score0.0034EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.17 views

CVE-2019-25430

Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the vpn_users endpoint. An unauthenticated attacker can submit crafted input in the username parameter via a POST request to trigger arbitrary JavaScript in a victim’s browser. CVSS v4.0 and v3.1 vectors are provided, with base scores o...

6.1CVSS5.6AI score0.00369EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.16 views

CVE-2019-25406

Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting (XSS) vulnerability in the organization parameter affecting the korugan/cmclient endpoint. The attack could deliver arbitrary JavaScript in users’ browsers, with CVSS 4.0 metrics: base score 5.1 (Network, N/AC/L; user inte...

6.1CVSS5.6AI score0.0034EPSS
Web
CVE
CVE
added 2026/02/19 12:2 p.m.16 views

CVE-2019-25412

CVE-2019-25412 concerns Comodo Dome Firewall 2.7.0, which contains a reflected cross-site scripting (XSS) vulnerability. The issue arises via the NTP_SERVER_LIST parameter in POST requests to the /korugan/time endpoint, allowing an attacker to submit unsanitized input that can execute arbitrary J...

6.1CVSS5.6AI score0.0033EPSS
Web
CVE
CVE
added 2026/02/19 12:2 p.m.15 views

CVE-2019-25407

CVE-2019-25407 concerns Comodo Dome Firewall 2.7.0, where a reflected cross-site scripting vulnerability exists in the backupschedule interface. The issue allows an attacker to submit crafted input via POST to the backupschedule endpoint (BACKUP_RCPTTO) to execute arbitrary JavaScript in end user...

6.1CVSS5.7AI score0.00395EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.15 views

CVE-2019-25427

CVE-2019-25427 affects Comodo Dome Firewall 2.7.0, reporting a reflected cross-site scripting vulnerability in the antispyware endpoint. The issue allows an attacker to inject JavaScript by submitting crafted input via POST requests containing payloads in the DNSMASQ_WHITELIST or DNSMASQ_BLACKLIS...

6.1CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25404

CVE-2019-25404 affects Comodo Dome Firewall 2.7.0. The vulnerability is a stored XSS in the admin interface, exploitable by an authenticated attacker who submits crafted input to /korugan/admins via POST, injecting scripts into admin_name, name, or surname. The payload is stored and executed when...

6.4CVSS5.2AI score0.00301EPSS
Web
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25408

CVE-2019-25408 : Comodo Dome Firewall 2.7.0 has a reflected cross-site scripting vulnerability in the netwizard2 endpoint, via the netmask_addr parameter. An attacker can send crafted POST input to inject JavaScript into users’ browsers, triggering the attack without authentication. Reported CVSS...

6.1CVSS5.6AI score0.0034EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25414

CVE-2019-25414 affects Comodo Dome Firewall 2.7.0. It is a reflected cross-site scripting vulnerability that lets unauthenticated attackers inject arbitrary JavaScript by sending payloads in the ID parameter to /manage/ips/appid/. The CVSS metrics indicate Network access, low attack complexity, n...

6.1CVSS5.6AI score0.00384EPSS
Web
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25416

CVE-2019-25416 affects Comodo Dome Firewall 2.7.0, where a reflected cross-site scripting vulnerability exists in the device parameter. The issue arises when an attacker submits crafted input to the QoS devices management endpoint via POST requests, enabling execution of arbitrary JavaScript in u...

6.1CVSS5.6AI score0.00344EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25420

CVE-2019-25420 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting flaw exposed via the snat endpoint. The vulnerability allows attackers to inject JavaScript by submitting crafted input to snat, specifically through POST requests containing payloads in the port or snat_to_ip...

6.1CVSS5.6AI score0.00399EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25425

CVE-2019-25425 describes a reflected cross-site scripting vulnerability in Comodo Dome Firewall 2.7.0 . The issue arises via the smtpconfig endpoint, where an attacker can submit crafted input to the VIRUS_ADMIN parameter and perform POST requests to inject JavaScript that executes in an administ...

6.1CVSS5.6AI score0.00344EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25428

CVE-2019-25428 affects Comodo Dome Firewall 2.7.0. Affected component: openvpn_users endpoint. Root cause: reflected cross-site scripting via crafted POST parameters (username, remotenets, explicitroutes, static_ip, custom_dns, custom_domain) enabling arbitrary JavaScript in users’ browsers. Impa...

6.1CVSS5.6AI score0.0033EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.14 views

CVE-2019-25429

CVE-2019-25429 : Affected product is Comodo Dome Firewall 2.7.0. The vulnerability is a reflected cross-site scripting (XSS) flaw in the openvpn_advanced endpoint, allowing an attacker to inject JavaScript into a victim’s browser by submitting crafted input through the GLOBAL_NETWORKS and GLOBAL_...

6.1CVSS5.7AI score0.00384EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.13 views

CVE-2019-25402

CVE-2019-25402 affects Comodo Dome Firewall 2.7.0. The issue is a reflected cross-site scripting vulnerability where unauthenticated attackers can inject arbitrary JavaScript by sending crafted input to the username field at the login endpoint. Attack vectors described indicate POST requests with...

6.1CVSS5.6AI score0.00384EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.13 views

CVE-2019-25423

CVE-2019-25423 affects Comodo Dome Firewall 2.7.0 with reflected XSS in the /korugan/proxyconfig endpoint. The vulnerability arises from crafted POST parameters (e.g., PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, DST_NOCACHE) that can inject JavaScript, allowin...

6.1CVSS5.6AI score0.00399EPSS
Web
CVE
CVE
added 2026/02/19 12:2 p.m.12 views

CVE-2019-25403

CVE-2019-25403 affects Comodo Dome Firewall 2.7.0 via a stored cross-site scripting (XSS) vulnerability in the admin_profiles endpoint. An authenticated attacker can submit crafted input in the comment parameter, causing malicious JavaScript to execute in the browsers of other users who view the ...

6.4CVSS5.3AI score0.0029EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.12 views

CVE-2019-25410

CVE-2019-25410 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting vulnerability in the policy_routing endpoint. The flaw permits attackers to inject JavaScript via the source and destination parameters in POST requests, potentially executing in users’ browsers. CVSS scores a...

6.1CVSS5.6AI score0.0034EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.12 views

CVE-2019-25417

The CVE concerns Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting flaw in the QoS rules management endpoint. Attackers can submit crafted input in the protocol parameter via POST requests, causing JavaScript to execute in administrator browsers. Root cause: input reflected into a ...

6.1CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.12 views

CVE-2019-25418

CVE-2019-25418 affects Comodo Dome Firewall 2.7.0, with a reflected cross-site scripting vulnerability in the FWADDRESSES parameter. Attackers can submit crafted input via POST to the /korugan/fwgroups endpoint, causing arbitrary JavaScript execution in users’ browsers and potential session data ...

6.1CVSS5.6AI score0.00344EPSS
Web
CVE
CVE
added 2026/02/19 12:2 p.m.11 views

CVE-2019-25405

CVE-2019-25405 affects Comodo Dome Firewall 2.7.0 with a stored XSS in the license activation endpoint (newLicense parameter). An attacker can send crafted input via POST to execute JavaScript in administrators’ browsers. Impact and CVSS details are provided (CVSS‑4.0: 5.3, NETWORK/LOW/LI, UI:P; ...

7.2CVSS5.6AI score0.00296EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.11 views

CVE-2019-25421

CVE-2019-25421 affects Comodo Dome Firewall 2.7.0. Affected component: policyfw endpoint. Vulnerability type: cross-site scripting (XSS) via policyfw, allowing attackers to submit POST requests containing JavaScript payloads in the mac, target, and remark parameters. This can execute arbitrary co...

6.1CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.11 views

CVE-2019-25424

CVE-2019-25424 affects Comodo Dome Firewall 2.7.0. It describes a reflected cross-site scripting vulnerability in the https_exceptions endpoint, where unsanitized input to the EXCEPTIONSITELIST parameter can be posted to trigger JavaScript in users’ browsers and potentially capture session data. ...

6.1CVSS5.6AI score0.0033EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.11 views

CVE-2019-25426

Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability in the dnsmasq endpoint. The issue allows an attacker to inject and execute arbitrary JavaScript in a user’s browser by sending crafted input via POST requests to the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_...

6.1CVSS5.6AI score0.00369EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.10 views

CVE-2019-25419

CVE-2019-25419 affects Comodo Dome Firewall 2.7.0 and describes a stored cross-site scripting flaw in the schedule endpoint. An attacker can submit POST requests containing JavaScript payloads in the SCHNAME parameter, which may execute in administrators’ browsers when the schedule page is viewed...

7.2CVSS5.8AI score0.00357EPSS
CVE
CVE
added 2026/02/19 12:2 p.m.8 views

CVE-2019-25422

CVE-2019-25422 affects Comodo Dome Firewall 2.7.0 and describes cross-site scripting vulnerabilities in the vpnfw endpoint. The weakness allows attackers to inject scripts via the target parameter (reflected XSS) or the remark parameter (stored XSS), potentially leading to execution of arbitrary ...

7.2CVSS5.5AI score0.00348EPSS