CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25428

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets, explicitroutes, static_ip, custom_dns, or custom_domain parameters to execute arbitrary JavaScript in users' browsers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.7%

CVSS Severity

CVSS v3 Score 6.1

References

https://cdome.comodo.com/firewall/
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278
https://www.exploit-db.com/exploits/46408
https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-openvpnusers

Products affected by CVE-2019-25428

Comodo » Dome Firewall » Version: 2.7.0

cpe:2.3:a:comodo:dome_firewall:2.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25428

Products

Pricing

Contact Us