Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25426 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_DESTINATION_BYPASS parameters to execute arbitrary JavaScript in users' browsers. | |||||
| CVE-2019-25406 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers. | |||||
| CVE-2019-25407 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO parameter to execute arbitrary scripts in users' browsers. | |||||
| CVE-2019-25408 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers. | |||||
| CVE-2019-25409 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitrary JavaScript in users' browsers. | |||||
| CVE-2019-25410 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers. | |||||
| CVE-2019-25411 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers. | |||||
| CVE-2019-25412 | 1 Comodo | 1 Dome Firewall | 2026-02-20 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the NTP_SERVER_LIST parameter to execute arbitrary JavaScript in users' browsers. | |||||
| CVE-2019-25430 | 1 Comodo | 1 Dome Firewall | 2026-02-19 | N/A | 6.1 MEDIUM |
| Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn_users endpoint with script payloads in the username field to execute arbitrary JavaScript in victim browsers. | |||||