CVE-2019-25421

MEDIUM

Comodo Dome Firewall 2.7.0 - XSS

Title source: llm

Description

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in administrator browsers or store persistent scripts in the application.

Exploits (1)

exploitdb WORKING POC
by Ozer Goker · textwebappsmultiple
https://www.exploit-db.com/exploits/46408

References (4)

Scores

CVSS v3 6.1
EPSS 0.0004
EPSS Percentile 10.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (1)

comodo/dome_firewall < 2.7.0

Timeline

Published Feb 19, 2026
Tracked Since Feb 19, 2026