ГлавнаяУязвимости → CVE-2019-25419
7.2высокая

CVE-2019-25419

Описание

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.

Затрагиваемое ПО
Comodo Dome firewall
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Источники
https://cdome.comodo.com/firewall/https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278https://www.exploit-db.com/exploits/46408https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-schedule