CVE Database · CVE-2019-25428
CVSS v3.1
6.1
CVSS v4.0
5.1
EPSS
0.33%
Published
Feb 19, 2026
Modified
Feb 20, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets, explicitroutes, static_ip, custom_dns, or custom_domain parameters to execute arbitrary JavaScript in users' browsers.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NWeaknesses (CWE)
Affected Products (1)
References (4)