Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Comodo Dome Firewall 2.7.0 allows attackers to inject malicious scripts
CVE-2019-25428
Summary
The Comodo Dome Firewall 2.7.0 has a security flaw that lets attackers send malicious code to users' browsers through the Comodo Dome Firewall's settings page. This could allow attackers to steal sensitive information or take control of users' computers. Update to the latest version of Comodo Dome Firewall to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| comodo | dome_firewall | 2.7.0 | – |
Original title
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. A...
Original description
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets, explicitroutes, static_ip, custom_dns, or custom_domain parameters to execute arbitrary JavaScript in users' browsers.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://cdome.comodo.com/firewall/ Product
- https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=92... Not Applicable
- https://www.exploit-db.com/exploits/46408 Exploit Third Party Advisory
- https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-v... Broken Link
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026