CVE-2019-25417

CVE Database · CVE-2019-25417

CVE-2019-25417

· MEDIUMAnalyzed

CVSS v3.1

6.1

CVSS v4.0

5.1

EPSS

0.40%

Published

Feb 19, 2026

Modified

Feb 20, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protocol parameter to execute arbitrary code in administrator browsers.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

comodo · dome_firewallvulnerable

References (4)

https://cdome.comodo.com/firewall/

Product

https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278

Not Applicable

https://www.exploit-db.com/exploits/46408

ExploitThird Party Advisory

https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-qos-rules

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs