Comodo Dome Firewall: Malicious Scripts Can Be Injected into User Browsers

Summary

Comodo Dome Firewall version 2.7.0 has a security weakness that could allow hackers to inject malicious code into users' web browsers. This could lead to unauthorized access to users' computers or personal data. Update Comodo Dome Firewall to the latest version to fix this vulnerability.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
comodo	dome_firewall	2.7.0	–

Original title

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users e...

Original description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to execute arbitrary scripts in users' browsers.

nvd CVSS3.1 6.1

nvd CVSS4.0 5.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://cdome.comodo.com/firewall/ Product
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=92... Not Applicable
https://www.exploit-db.com/exploits/46408 Exploit Third Party Advisory
https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-v... Broken Link