CVE-2019-25409

CVE Database · CVE-2019-25409

CVE-2019-25409

· MEDIUMAnalyzed

CVSS v3.1

6.1

CVSS v4.0

5.1

EPSS

0.34%

Published

Feb 19, 2026

Modified

Feb 20, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitrary JavaScript in users' browsers.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

comodo · dome_firewallvulnerable

References (4)

https://cdome.comodo.com/firewall/

Product

https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278

Not Applicable

https://www.exploit-db.com/exploits/46408

Exploit

https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-routing

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs