CVE-2019-25403

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://cdome.comodo.com/firewall/	Product
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278	Not Applicable
https://www.exploit-db.com/exploits/46408	Exploit Third Party Advisory
https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-adminprofiles	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:comodo:dome_firewall:2.7.0:*:*:*:*:*:*:*

History

17 Jun 2026, 02:32

Type	Values Removed	Values Added
Summary		(es) Comodo Dome Cortafuegos 2.7.0 contiene una vulnerabilidad de cross-site scripting almacenado que permite a atacantes autenticados inyectar scripts maliciosos al enviar entrada manipulada al parámetro de comentario. Los atacantes pueden inyectar código JavaScript a través del endpoint admin_profiles que se ejecuta en los navegadores de otros usuarios que ven la página afectada.

20 Feb 2026, 17:20

Type	Values Removed	Values Added
First Time		Comodo Comodo dome Firewall
CPE		cpe:2.3:a:comodo:dome_firewall:2.7.0:::::::*
References	~~() https://cdome.comodo.com/firewall/ -~~	() https://cdome.comodo.com/firewall/ - Product
References	~~() https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278 -~~	() https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278 - Not Applicable
References	~~() https://www.exploit-db.com/exploits/46408 -~~	() https://www.exploit-db.com/exploits/46408 - Exploit, Third Party Advisory
References	~~() https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-adminprofiles -~~	() https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-adminprofiles - Broken Link

19 Feb 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 13:16

Updated : 2026-06-17 02:32

NVD link : CVE-2019-25403

Mitre link : CVE-2019-25403

CVE.ORG link : CVE-2019-25403

JSON object : View

Products Affected

comodo

dome_firewall

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.4 /10