CVE-2025-8206
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998.179. This affects an unknown part of the component IP DNS Leakage Detector. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-26
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-26
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8206
EUVD
EUVD-2025-22800
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
comodo dragon to 134.0.6998.179 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8206 is a cross-site scripting (XSS) vulnerability in the Comodo Dragon browser up to version 134.0.6998.179, specifically in the IP DNS Leakage Detector component. It occurs because user-controllable input is not properly neutralized before being included in web page output, allowing remote attackers to execute XSS attacks. The attack requires some user interaction but no authentication and is considered difficult to exploit. [1]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing remote attackers to perform cross-site scripting attacks, which can compromise data integrity. Although the severity is low, the attack can be initiated remotely and may lead to unauthorized script execution in the context of the affected browser component, potentially leading to further attacks or data manipulation. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection commands or network/system detection methods provided for this vulnerability. Detection would likely require monitoring for cross-site scripting attempts targeting the IP DNS Leakage Detector component in Comodo Dragon browser versions up to 134.0.6998.179, but no explicit commands or tools are mentioned. [1]


What immediate steps should I take to mitigate this vulnerability?

No known mitigations or countermeasures have been identified for this vulnerability. It is suggested to consider using alternative products as the vendor did not respond and no patches are available. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart