Dragon
Monthly
An issue in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests.
A cross-site scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives.
Cross-site scripting (XSS) in Comodo Dragon up to version 134.0.6998.179 affects the IP DNS Leakage Detector component, allowing remote attackers to inject malicious scripts. The vulnerability requires user interaction and involves high attack complexity, resulting in limited integrity impact. Public exploit code exists and the vendor has not responded to disclosure, though EPSS scoring (0.05%, 15th percentile) and lack of CISA KEV listing suggest low real-world exploitation likelihood despite proof-of-concept availability.
Comodo Dragon up to version 134.0.6998.179 transmits sensitive DNS information in cleartext via its IP DNS Leakage Detector component, allowing remote attackers to intercept and read this data. The vulnerability has a low CVSS score of 2.9 (limited confidentiality impact) but is marked as having publicly available exploit code with difficult exploitation complexity. The vendor was notified but did not respond, and active exploitation is not confirmed despite public disclosure.
Comodo Dragon browser versions up to 134.0.6998.179 contain an HSTS Handler vulnerability that bypasses security checks for standard compliance, allowing remote attackers with user interaction to disclose sensitive information. The CVSS score of 1.3 reflects high attack complexity and limited integrity impact, but public exploit code is available and the vendor did not respond to early disclosure, leaving affected users without official patches.