Reflected Cross-Site Scripting Vulnerability in Comodo Dome Firewall
CVE-2019-25423
5.1MEDIUM
What is CVE-2019-25423?
Comodo Dome Firewall 2.7.0 is susceptible to multiple reflected cross-site scripting vulnerabilities within the /korugan/proxyconfig endpoint. These vulnerabilities enable attackers to exploit crafted POST requests, injecting malicious JavaScript payloads through various parameters such as PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, and DST_NOCACHE. Successful exploitation allows attackers to execute arbitrary scripts within the context of the administrator's browser, potentially compromising the security of the application and its users.
Affected Version(s)
Comodo Dome Firewall 2.7.0
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Ozer Goker