Comodo Dome Firewall 2.7.0: Malicious Scripts Injected Via Firewall Configuration

Summary

The Comodo Dome Firewall version 2.7.0 has a security weakness that allows hackers to inject malicious code into users' browsers when they visit certain websites. This could potentially lead to unauthorized actions or data theft. To protect your network, update to the latest version of the firewall software.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
comodo	dome_firewall	2.7.0	–

Original title

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can sub...

Original description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.

nvd CVSS3.1 6.1

nvd CVSS4.0 5.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://cdome.comodo.com/firewall/ Product
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=92... Not Applicable
https://www.exploit-db.com/exploits/46408 Exploit VDB Entry
https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-s... Broken Link