← volver
CVE-2019-25419

Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via schedule

CVSS 5.3 MEDIUMEPSS 0.4%CWE-79
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
Comodo · Comodo Dome Firewall

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cdome.comodo.com/firewall/https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278https://www.exploit-db.com/exploits/46408https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-schedule