CVE-2019-25410

medium

Description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.

References

https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-policyrouting

https://www.exploit-db.com/exploits/46408

https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278

https://cdome.comodo.com/firewall/

Details

Source: Mitre, NVD

Published: 2026-02-19

Updated: 2026-02-19

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Severity: Medium