Search
Search Results (29 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25426 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_DESTINATION_BYPASS parameters to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25406 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25407 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO parameter to execute arbitrary scripts in users' browsers. | ||||
| CVE-2019-25408 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25409 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25410 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25411 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers. | ||||
| CVE-2019-25412 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the NTP_SERVER_LIST parameter to execute arbitrary JavaScript in users' browsers. | ||||
| CVE-2019-25430 | 2 Cdome, Comodo | 2 Comodo Dome Firewall, Dome Firewall | 2026-02-20 | 6.1 Medium |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn_users endpoint with script payloads in the username field to execute arbitrary JavaScript in victim browsers. | ||||