5.1
Comodo Dome Firewall: Attacker Can Inject Malicious Scripts
CVE-2019-25404
Summary
Authenticated attackers can inject malicious scripts into Comodo Dome Firewall's admin interface, potentially taking control of the system. This is a stored cross-site scripting issue: crafted input submitted through the admin management section is saved and then executed when administrators access the interface. To protect against this, update Comodo Dome Firewall to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| comodo | dome_firewall | <= 2.7.0 | – |
Original title
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management ...
Original description
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.
nvd CVSS3.1
5.4
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://cdome.comodo.com/firewall/ Product
- https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=92... Not Applicable
- https://www.exploit-db.com/exploits/46408 Exploit Third Party Advisory
- https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scri... Third Party Advisory
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026