CVE-2019-25421

CVE Database · CVE-2019-25421

CVE-2019-25421

· MEDIUMAnalyzed

CVSS v3.1

6.1

CVSS v4.0

5.1

EPSS

0.40%

Published

Feb 19, 2026

Modified

Feb 20, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in administrator browsers or store persistent scripts in the application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

comodo · dome_firewallvulnerable

References (4)

https://cdome.comodo.com/firewall/

Product

https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278

Not Applicable

https://www.exploit-db.com/exploits/46408

ExploitThird Party Advisory

https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-policyfw

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs