CVE-2019-25423
Comodo Dome Firewall 2.7.0 Cross-Site Scripting via proxyconfig
Description
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, and DST_NOCACHE to execute arbitrary scripts in administrator browsers.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:RUser InteractionS:CScopeC:LConfidentialityI:LIntegrityA:NAvailabilityWeaknesses
Affected Products
Attack Graph
Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.
Exploitability
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsMITRE ATT&CK
2 techniquesReferences
Timeline
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2019-25423 and every CVE in our database. Create a free account — no credit card required.
Create Free Account