CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25419

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.3%

CVSS Severity

CVSS v3 Score 7.2

References

https://cdome.comodo.com/firewall/
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278
https://www.exploit-db.com/exploits/46408
https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-schedule

Products affected by CVE-2019-25419

Comodo » Dome Firewall » Version: Any

cpe:2.3:a:comodo:dome_firewall:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25419

Products

Pricing

Contact Us