CVE-2019-25422

HIGH

Comodo Dome Firewall 2.7.0 - XSS

Title source: llm

Description

Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script payloads in the target parameter for reflected XSS or the remark parameter for stored XSS to execute arbitrary JavaScript in administrator browsers.

Exploits (1)

exploitdb WORKING POC
by Ozer Goker · textwebappsmultiple
https://www.exploit-db.com/exploits/46408

References (4)

Scores

CVSS v3 7.2
EPSS 0.0003
EPSS Percentile 8.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (1)

comodo/dome_firewall < 2.7.0

Timeline

Published Feb 19, 2026
Tracked Since Feb 19, 2026