CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25422

Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script payloads in the target parameter for reflected XSS or the remark parameter for stored XSS to execute arbitrary JavaScript in administrator browsers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.7%

CVSS Severity

CVSS v3 Score 7.2

References

https://cdome.comodo.com/firewall/
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278
https://www.exploit-db.com/exploits/46408
https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-vpnfw

Products affected by CVE-2019-25422

Comodo » Dome Firewall » Version: Any

cpe:2.3:a:comodo:dome_firewall:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25422

Products

Pricing

Contact Us