Comodo Dome Firewall Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Comodo Dome Firewall version 2.7.0. This vulnerability allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. The injected scripts are executed when administrators access the interface. The vulnerability arises from improper neutralization of input during web page generation, specifically through the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the admin interface.

Reproduction

To reproduce this vulnerability, an authenticated attacker can send a POST request to the /korugan/admins endpoint with a payload containing a script injection in the admin_name, name, or surname parameters. Once the payload is submitted, the injected script will be executed when an administrator views the admin profiles.