Unrated severityNVD Advisory· Published Feb 19, 2026· Updated Mar 2, 2026
Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admins
CVE-2019-25404
Description
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.
Affected products
2- Range: =2.7.0
- Comodo/Comodo Dome Firewallv5Range: 2.7.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.exploit-db.com/exploits/46408mitreexploit
- www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-adminsmitrethird-party-advisory
- cdome.comodo.com/firewall/mitreproduct
- secure.comodo.com/home/purchase.phpmitreproduct
News mentions
0No linked articles in our index yet.