Ozer Goker

79 exploits Active since Feb 2026
CVE-2019-25411 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall < 2.7.0 - Reflected Cross-Site Scripting via GATEWAY_GREEN Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers.
CVSS 6.1
CVE-2019-25410 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall 2.7.0 - Reflected Cross-Site Scripting via Policy Routing Parameters
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25409 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall < 2.7.0 - Reflected Cross-Site Scripting via Destination Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25408 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall 2.7.0 - Reflected Cross-Site Scripting via netmask_addr Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25407 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall < 2.7.0 - Reflected Cross-Site Scripting via Backup Schedule BACKUP_RCPTTO Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO parameter to execute arbitrary scripts in users' browsers.
CVSS 6.1
CVE-2019-25406 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall < 2.7.0 - Reflected Cross-Site Scripting via Organization Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25405 EXPLOITDB HIGH text WORKING POC
Comodo Dome Firewall 2.7.0 - Stored XSS
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.
CVSS 7.2
CVE-2019-25404 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall 2.7.0 - Stored XSS
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.
CVSS 6.4
CVE-2019-25403 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall 2.7.0 - Stored XSS
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.
CVSS 6.4
CVE-2019-25402 EXPLOITDB MEDIUM text WORKING POC
Comodo Dome Firewall < 2.7.0 - Unauthenticated Reflected Cross-Site Scripting via Login Username Parameter
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username field to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25396 EXPLOITDB MEDIUM text WORKING POC
IPFire 2.21 Core Update 127 - Reflected Cross-Site Scripting via updatexlrator.cgi Parameters
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameters to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25400 EXPLOITDB MEDIUM text WORKING POC
IPFire 2.21 Core Update 127 - Reflected Cross-Site Scripting in fwhosts.cgi via Multiple Parameters
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark, SRV_NAME, SRV_PORT, SRVGRP_NAME, SRVGRP_REMARK, and updatesrvgrp. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated users' browsers.
CVSS 5.4
CVE-2019-25399 EXPLOITDB MEDIUM text WORKING POC
IPFire 2.21 Core Update 127 - Stored Cross-Site Scripting via extrahd.cgi FS PATH and UUID Parameters
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.
CVSS 6.4
CVE-2019-25398 EXPLOITDB MEDIUM text WORKING POC
IPFire 2.21 Core Update 127 - Cross-Site Scripting via ovpnmain.cgi VPN Configuration Parameters
IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_PUSH, FRAGMENT, KEEPALIVE_1, and KEEPALIVE_2 to execute arbitrary JavaScript in administrator browsers.
CVSS 6.1
CVE-2019-25397 EXPLOITDB MEDIUM text WORKING POC
IPFire 2.21 Core Update 127 - Reflected Cross-Site Scripting via hosts.cgi Parameters
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25395 EXPLOITDB HIGH text WORKING POC
Smoothwall Express 3.1-SP4 Stored XSS via HOSTNAME/KEYMAP/OPENNESS Parameters
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloads to preferences.cgi to store malicious code that executes in the browsers of users accessing the preferences page.
CVSS 7.2
CVE-2019-25394 EXPLOITDB HIGH text WORKING POC
Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Stored Cross-Site Scripting in modem.cgi
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, and PULSE_DIAL to execute arbitrary JavaScript in users' browsers when the stored data is retrieved.
CVSS 7.2
CVE-2019-25393 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 - Unauthenticated XSS via smoothinfo.cgi WRAP/SECTIONTITLE
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script payloads in the WRAP or SECTIONTITLE parameters to execute arbitrary JavaScript in victim browsers.
CVSS 6.1
CVE-2019-25392 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Unauthenticated Reflected Cross-Site Scripting via IP Parameter
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP parameter to execute arbitrary JavaScript in victim browsers.
CVSS 6.1
CVE-2019-25390 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Reflected Cross-Site Scripting in interfaces.cgi
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, DNS2_OVERRIDE, RED_MAC, RED_NETMASK, DEFAULT_GATEWAY, DNS1, and DNS2. Attackers can craft POST requests to interfaces.cgi with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.
CVSS 5.4
CVE-2019-25389 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Unauthenticated Reflected Cross-Site Scripting via MACHINES Parameter
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES parameter. Attackers can craft requests to the timedaccess.cgi endpoint with script payloads in the MACHINES parameter to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25388 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Reflected XSS via ipblock.cgi SRC_IP/COMMENT
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC_IP and COMMENT parameters in POST requests to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25387 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 Unauthenticated XSS via xtaccess.cgi
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or COMMENT parameters via POST requests to execute arbitrary JavaScript in victim browsers.
CVSS 6.1
CVE-2019-25386 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Reflected Cross-Site Scripting via dmzholes.cgi Parameters
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25385 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 Reflected XSS via MACHINE/MACHINECOMMENT
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.
CVSS 6.1