← Zuruck zu CVEs

CVE-2019-25412

MEDIUM

6.1

Beschreibung

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the NTP_SERVER_LIST parameter to execute arbitrary JavaScript in users' browsers.

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht2/19/2026

Zuletzt geandert2/20/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

comodo:dome_firewall

Schwachen (CWE)

CWE-79

Referenzen

https://cdome.comodo.com/firewall/(disclosure@vulncheck.com)

https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/46408(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-ntpserverlist(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.