Dome Firewall
Approved changes feed: RSS · Atom
cpe:2.3:a:comodo:dome_firewall:2.7.0:*:*:*:*:*:*:*
part: a version: 2.7.0 update: *
| Vendor | Comodo (ae0f5a94-22c5-54dd-8ff5-a3476482174a) |
|---|---|
| Product | Dome Firewall (407ab60e-107f-547a-a450-d574987bba9c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-25430 |
vulnerable | 2026-06-03 14:40:18.468494 |
Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via vpn_users
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn_users endpoint with script payloads in the username field to execute arbitrary JavaScript in victim browsers.
Published: 2026-02-19T12:02:44.636Z
Updated: 2026-05-24T01:36:49.285Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25429 |
vulnerable | 2026-06-03 14:40:18.468180 |
Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via openvpn_advanced
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attackers can inject JavaScript code through the GLOBAL_NETWORKS and GLOBAL_DNS parameters via POST requests to execute arbitrary scripts in users' browsers.
Published: 2026-02-19T12:02:43.707Z
Updated: 2026-05-24T01:36:48.643Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25428 |
vulnerable | 2026-06-03 14:40:18.467858 |
Comodo Dome Firewall 2.7.0 Cross-Site Scripting via openvpn_users
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets, explicitroutes, static_ip, custom_dns, or custom_domain parameters to execute arbitrary JavaScript in users' browsers.
Published: 2026-02-19T12:02:42.885Z
Updated: 2026-05-24T01:36:47.906Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25424 |
vulnerable | 2026-06-03 14:40:18.466594 |
Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via https_exceptions
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https_exceptions endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.
Published: 2026-02-19T12:02:39.531Z
Updated: 2026-05-24T01:36:44.986Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25415 |
vulnerable | 2026-06-03 14:40:18.463522 |
Comodo Dome Firewall 2.7.0 Cross-Site Scripting via hotspot_permanent_users
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to execute arbitrary scripts in users' browsers.
Published: 2026-02-19T12:02:31.747Z
Updated: 2026-05-24T01:36:40.032Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25412 |
vulnerable | 2026-06-03 14:40:18.462529 |
Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via NTP_SERVER_LIST
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the NTP_SERVER_LIST parameter to execute arbitrary JavaScript in users' browsers.
Published: 2026-02-19T12:02:29.064Z
Updated: 2026-05-24T01:36:37.975Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25410 |
vulnerable | 2026-06-03 14:40:18.461818 |
Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via policy_routing
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.
Published: 2026-02-19T12:02:27.387Z
Updated: 2026-05-24T01:36:36.577Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25408 |
vulnerable | 2026-06-03 14:40:18.458159 |
Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via netwizard2
MEDIUM (6.1)
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.
Published: 2026-02-19T12:02:25.726Z
Updated: 2026-05-24T01:36:35.197Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25405 |
vulnerable | 2026-06-03 14:40:18.457173 |
Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via license_activation
HIGH (7.2)
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.
Published: 2026-02-19T12:02:23.191Z
Updated: 2026-03-02T21:05:20.966Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25403 |
vulnerable | 2026-06-03 14:40:18.456357 |
Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admin_profiles
MEDIUM (6.4)
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.
Published: 2026-02-19T12:02:21.496Z
Updated: 2026-03-02T21:05:19.012Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.