CVE-2019-25415
MEDIUMComodo Dome Firewall 2.7.0 - XSS
Title source: llmDescription
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to execute arbitrary scripts in users' browsers.
Exploits (1)
Scores
CVSS v3
6.1
EPSS
0.0004
EPSS Percentile
10.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (1)
comodo/dome_firewall
Timeline
Published
Feb 19, 2026
Tracked Since
Feb 19, 2026