exploitDog

CVE-2019-25413

Опубликовано: 19 фев. 2026

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.

Ссылки

https://cdome.comodo.com/firewall/
Product
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278
Not Applicable
https://www.exploit-db.com/exploits/46408
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-id-parameter
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:comodo:dome_firewall:*:*:*:*:*:*:*:*

Версия до 2.7.0 (включая)

EPSS

Процентиль: 30%

0.00384

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-hqhj-r5wh-wfx4

CVSS3: 6.1

github

4 месяца назад

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.

EPSS

Процентиль: 30%

0.00384

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79