Unrated severityNVD Advisory· Published Feb 19, 2026· Updated Mar 2, 2026
Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via license_activation
CVE-2019-25405
Description
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.
Affected products
2- Range: = 2.7.0
- Comodo/Comodo Dome Firewallv5Range: 2.7.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.exploit-db.com/exploits/46408mitreexploit
- www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-licenseactivationmitrethird-party-advisory
- cdome.comodo.com/firewall/mitreproduct
- secure.comodo.com/home/purchase.phpmitreproduct
News mentions
0No linked articles in our index yet.