Comodo Dome Firewall 2.7.0: Malicious Script Injection via User Input

Summary

The Comodo Dome Firewall 2.7.0 contains a security flaw that allows hackers to inject malicious code into users' browsers by submitting specially crafted input. This can lead to unauthorized actions on a user's system. Users should update to the latest version of the software to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
comodo	dome_firewall	2.7.0	–

Original title

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attac...

Original description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.

nvd CVSS3.1 6.1

nvd CVSS4.0 5.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://cdome.comodo.com/firewall/ Product
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=92... Not Applicable
https://www.exploit-db.com/exploits/46408 Exploit VDB Entry
https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-s... Broken Link