CVE-2019-25410

CVE Database · CVE-2019-25410

CVE-2019-25410

· MEDIUMAnalyzed

CVSS v3.1

6.1

CVSS v4.0

5.1

EPSS

0.34%

Published

Feb 19, 2026

Modified

Feb 20, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

comodo · dome_firewallvulnerable

References (4)

https://cdome.comodo.com/firewall/

Product

https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278

Not Applicable

https://www.exploit-db.com/exploits/46408

ExploitVDB Entry

https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-policyrouting

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs