Export limit exceeded: 47032 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47032 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-25416 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management endpoint with script payloads in the device parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25415 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to execute arbitrary scripts in users' browsers.
CVE-2019-25414 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.
CVE-2019-25413 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.
CVE-2019-25412 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the NTP_SERVER_LIST parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25411 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers.
CVE-2019-25410 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.
CVE-2019-25409 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25408 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25407 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO parameter to execute arbitrary scripts in users' browsers.
CVE-2019-25406 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers.
CVE-2019-25405 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 7.2 High
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.
CVE-2019-25404 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.4 Medium
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.
CVE-2019-25403 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.4 Medium
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.
CVE-2019-25402 2 Cdome, Comodo 3 Comodo Dome Firewall, Comodo Dome Firewall, Dome Firewall 2026-03-02 6.1 Medium
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username field to execute arbitrary JavaScript in users' browsers.
CVE-2025-1071 1 Watchguard 28 Firebox M270, Firebox M290, Firebox M370 and 25 more 2026-03-02 4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.
CVE-2018-12653 1 Myadrenalin 1 Adrenalin 2026-03-02 N/A
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
CVE-2018-12652 1 Myadrenalin 1 Adrenalin 2026-03-02 N/A
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.
CVE-2018-12651 1 Myadrenalin 1 Human Resource Management Software 2026-03-02 N/A
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.
CVE-2018-12650 1 Myadrenalin 1 Human Resource Management Software 2026-03-02 N/A
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.