I found vulnerability in Comodo websites!! | Maor Dayan


I found vulnerabilities (2 Stored XSS + bypass to Reflected XSS) in the Comodo website. I sent a few reports at https://www.comodo.com/resources/report-security-flaw/index.php and also via email, via Facebook and via support, but didn’t get any answer.
Please check my reports and reply back to my email or Facebook (look it up in my website) and we will speak about it.

Maor Dayan

Hello MaorDayan,

Thank you for reporting. We will check this.
Have a nice day!

Just contact me via email (you can see my email if you are admin) or via my Facebook page (Maor Dayan) and I will send the reports again to one of your IT guys/women (for the 50th time) with detailed POC videos for every vulnerability.

Maor Dayan

If you won’t check or contact me I’ll just go to the US-Cert https://www.us-cert.gov and report about it and then publish my finding. I worked very hard to try and protect your company and customers!

Maor Dayan,

Hello MaorDayan, Reported to corresponding team and they are aware of this & checking into it.

Thank you Dharshu, I just want the credit I deserve for my finding. I work hard to keep companies safe and I did this for Comodo for free.

Maor Dayan,

Yeah, it’s a great effort and it’s appreciable :).

Thank you!!! Just tell them to tell me when it’s been fixed, it is very important,
and it will be great if I could get a direct number (with WhatsApp) in case I find something else that needs to be fixed immediately :)

Maor Dayan,

For any queries (or) suggestions it’s always advised to contact via forum else email to REPORT VULNERABILITIES.
Hope you will understand that :).

OK, but I sent it at the Comodo official vulnerability report so I thought it was better there than in the forum.
Just tell them to check by name and email the reports, fix them, tell me about it when it is fixed and just give me a thank you letter :)
I think I deserve one ;)

Maor Dayan.

Sure, once completed I will notify you.

I sent you a private message, Dharshu, please see it.

Please calm down a bit. Your findings are being analyzed and that will take time. How many separate issues did you submit?

Please stop pressurizing Comodo Staff; they are working very hard here at the forums and at Comodo. You are operating aggressively when ‘threatening’ to report to US-Cert, asking for phone numbers, urging staff to make sure they check their emails and ‘demanding’ to receive props. Your behavior is a bit too eager at times and has raised a few eyebrows with us mods.

I submitted a few times, and if he will check the private message I sent to him you will find out I sent all the videos and all the things you need to fix the vulnerabilities as fast as possible. And I am not threatening, I am saying because I sent like 50 times and didn’t get a single response… ‘sorry’ that I try to protect your clients and employees…

I just want to help…

And why do you have a vulnerability report form (https://www.comodo.com/resources/report-security-flaw/index.php) if no one answers?

I unfortunately don’t know why that channel is not responding to website related issues.

I found another reflected XSS, can I send it in a private message?

Maor Dayan,

@Maor Dayan, Yes please.

Hello EricJH, I have reported them to check those emails and they will be taking care of it properly.


Can the https://www.comodo.com/resources/report-security-flaw/index.php page also be used to report security issues with Comodo websites? Is that a correct understanding?

Yes EricJH.