Reflected Cross-Site Scripting in Comodo Dome Firewall 2.7.0
CVE-2019-25426
5.1MEDIUM
What is CVE-2019-25426?
Comodo Dome Firewall version 2.7.0 is susceptible to a reflected cross-site scripting vulnerability. This issue allows attackers to craft malicious input targeting the dnsmasq endpoint, leading to the execution of arbitrary JavaScript in users’ browsers. By exploiting this vulnerability, an attacker can send POST requests that include script payloads in the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_DESTINATION_BYPASS parameters, potentially compromising the security of affected users.
Affected Version(s)
Comodo Dome Firewall 2.7.0
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Ozer Goker