CVE-2019-25409

CVSS Base Score: 6.1 (MEDIUM)

📋 TL;DR

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting (XSS) vulnerability: the destination parameter of the routing endpoint is echoed back into the response without output encoding. An attacker needs no credentials to craft the malicious POST request, but because the payload travels in the request body the victim (typically a logged-in administrator) has to be lured to an attacker-controlled page that auto-submits the crafted form; the injected JavaScript then runs in the victim's browser in the context of the management interface. Organizations running Comodo Dome Firewall 2.7.0 are affected.

💻 Affected Systems

Products:
  • Comodo Dome Firewall
Versions: 2.7.0
Operating Systems: Not specified, likely appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the routing endpoint's destination parameter handling. No special configuration required for exploitation.


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who gets an administrator to trigger the payload could steal the administrator's session cookie (if it is not marked HttpOnly), issue firewall configuration changes from the administrator's browser using the existing session, redirect the administrator to a phishing page, or chain the XSS with a separate browser exploit to deliver malware.

🟠

Likely Case

Session hijacking leading to unauthorized firewall configuration changes, credential theft, or phishing attacks against administrators.

🟢

If Mitigated

If the destination value is validated or HTML-entity-encoded before it is reflected, the payload is rendered as inert text and the XSS is eliminated; residual risk is limited to whatever a filter fails to catch, so verify the fix against an encoded payload rather than assume it.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no credentials on the attacker's side, but it does require user interaction: the victim must submit the crafted POST (for example through an auto-submitting form on an attacker-controlled page) while logged in to the management interface. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not found in provided references

Restart Required: Not specified (no fixed version is identified)

Instructions:

Check the Comodo vendor website for security updates and upgrade to the latest available version. If no patch is available, apply the mitigations below.

🔧 Temporary Workarounds

Both items below are changes to the appliance's web application and can only be made by the vendor; administrators cannot apply them themselves and should rely on the measures in the next section.

Input Validation Filter
  Platform: all
  Description: Validate the destination parameter strictly server-side (for a routing destination this means accepting only IP addresses, CIDR prefixes or hostnames) and reject any value containing markup or script characters
  Command: Not applicable - requires code changes

Output Encoding
  Platform: all
  Description: HTML-entity-encode the destination value wherever it is written back into a response
  Command: Not applicable - requires code changes

🧯 If You Can't Patch

  • Put a web application firewall (WAF) in front of the management interface with rules that inspect POST bodies, not just the URI, for XSS payloads, and that normalise URL encoding before matching
  • Restrict access to the firewall management interface to trusted administrator IP addresses only
  • Have administrators use the management interface from a dedicated browser profile and log out when finished, so a payload delivered in another tab or window has no authenticated session to ride

🔍 How to Verify

Check if Vulnerable:

Test by sending a POST request to the routing endpoint with a unique, recognisable script payload (for example <script>alert('xsstest123')</script>) in the destination parameter, then inspect the raw response body: the endpoint is vulnerable if the payload comes back verbatim rather than HTML-entity-encoded. Test only systems you are authorised to assess.

Check Version:

Check firewall web interface or CLI for version information

Verify Fix Applied:

Repeat the same POST after updating and confirm that the payload is either rejected or reflected only in HTML-entity-encoded form (&lt;script&gt;...), never verbatim.
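
A small probe that performs the check above, added here as an example (not code from the original page or from Comodo). It assumes the routing form is served at /routing and takes the destination field as a URL-encoded POST parameter; neither the path nor the content type is confirmed by the page, so adjust them to what the appliance UI actually posts. The classifier distinguishes a verbatim echo (vulnerable) from an HTML-entity-encoded echo (the state expected after a fix) and from no echo at all, which is the distinction the "Verify Fix Applied" step needs. Only call probe() against an appliance you are authorised to test; the constructed sample bodies let the classifier be exercised offline.

```python
"""Reflected-XSS probe for the destination parameter (CVE-2019-25409).

Added example, not code from the original page or from Comodo.
Assumptions not confirmed by the page: the routing form is served at
ENDPOINT_PATH and accepts 'destination' as a URL-encoded POST field.
"""
import html
import ssl
import urllib.parse
import urllib.request
from typing import Optional

ENDPOINT_PATH = "/routing"          # assumption: set to the real form action
MARKER = "cve25409probe"            # unique token so unrelated text never matches
PAYLOAD = f"<script>alert('{MARKER}')</script>"


def classify_reflection(payload: str, body: str) -> str:
    """Say how `body` reflects `payload`.

    'unencoded' : payload appears verbatim, so it would execute -> vulnerable
    'encoded'   : only an HTML-entity-encoded copy appears -> output encoding
                  is in place, the expected state after a fix
    'absent'    : payload not echoed at all (rejected, or not reflected here)
    """
    if payload in body:
        return "unencoded"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "encoded"
    return "absent"


def build_request(base_url: str, payload: str = PAYLOAD,
                  session_cookie: Optional[str] = None) -> urllib.request.Request:
    """Build the POST the page describes: the payload in the destination field.

    The attacker needs no credentials, but the appliance may only reflect the
    value for a logged-in session, so a cookie can be supplied when verifying.
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if session_cookie:
        headers["Cookie"] = session_cookie
    data = urllib.parse.urlencode({"destination": payload}).encode()
    return urllib.request.Request(base_url.rstrip("/") + ENDPOINT_PATH,
                                  data=data, method="POST", headers=headers)


def probe(base_url: str, session_cookie: Optional[str] = None,
          verify_tls: bool = True) -> str:
    """Send the probe to a live appliance you are authorised to test."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # appliances often present self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = build_request(base_url, session_cookie=session_cookie)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return classify_reflection(PAYLOAD, resp.read().decode(errors="replace"))


# Constructed sample responses (not captured from a real appliance) covering
# the three states the classifier distinguishes.
VULNERABLE_BODY = f"<tr><td>Destination</td><td>{PAYLOAD}</td></tr>"
FIXED_BODY = f"<tr><td>Destination</td><td>{html.escape(PAYLOAD)}</td></tr>"
REJECTED_BODY = '<div class="error">Invalid destination</div>'

if __name__ == "__main__":
    for name, body in (("vulnerable", VULNERABLE_BODY),
                       ("fixed", FIXED_BODY), ("rejected", REJECTED_BODY)):
        print(f"{name}: {classify_reflection(PAYLOAD, body)}")
    # Live use (authorised targets only):
    # print(probe("https://fw.example.internal", session_cookie="SID=...", verify_tls=False))
```

Use a marker the application would never emit on its own, as above; matching on a bare "script" string produces false positives on pages that legitimately contain that word.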

📡 Detection & Monitoring

Log Indicators:

  • POST requests to routing endpoints with script-like content in parameters
  • Unusual parameter values containing JavaScript syntax

Network Indicators:

  • HTTP requests with encoded script tags in POST body parameters
  • Traffic to firewall management interface from unexpected sources

SIEM Query:

http.method:POST AND http.uri:"/routing" AND (http.param:*script* OR http.param:*alert*)

Note: the field names are illustrative and the "/routing" path is not confirmed by the page; map both to your log schema. The payload travels in the POST body, so this query only works against a WAF or reverse-proxy log that records request bodies (standard access logs record only the request line). Normalise percent- and entity-encoding before matching, or *script* will miss %3Cscript%3E.
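
A detector that applies the log indicators above to sample records, added here as an example (not code from the original page). It assumes a WAF or reverse proxy in front of the management interface that logs POST bodies as JSON lines with src_ip, method, uri and body fields, and it assumes the routing endpoint's URI contains "routing", which the page does not confirm. The sample records are constructed, not captured. The normalisation step is the point: a plain *script* match misses a percent-encoded, double-encoded or entity-encoded payload, which is what a real attacker sends.

```python
"""Offline detector for the log indicators above (CVE-2019-25409).

Added example, not code from the original page. Assumes a WAF or reverse
proxy in front of the management interface that logs POST bodies as JSON
lines with src_ip, method, uri and body fields; plain access logs do not
record bodies, so this cannot run on them. Sample records are constructed.
"""
import json
import re
import urllib.parse
from html import unescape

# What a payload in a form field needs to execute, matched after normalisation
# so %3Cscript%3E, &lt;script&gt;, double encoding and <ScRiPt> all hit.
# The on*= handler rule can false-positive on field values such as "online=";
# tune it for your forms.
XSS_PATTERNS = re.compile(
    r"<\s*script|javascript\s*:|\bon[a-z]{2,}\s*=|alert\s*\(", re.IGNORECASE
)
ROUTING_URI_FRAGMENT = "routing"  # assumption: the page only says "routing endpoints"


def normalise(value: str, rounds: int = 3) -> str:
    """Repeatedly percent- and entity-decode, then lower-case and drop NULs."""
    out = value
    for _ in range(rounds):
        decoded = unescape(urllib.parse.unquote_plus(out))
        if decoded == out:
            break
        out = decoded
    return out.replace("\x00", "").lower()


def suspicious_fields(body: str) -> dict:
    """Return {field: normalised value} for form fields matching XSS_PATTERNS."""
    hits = {}
    for field, values in urllib.parse.parse_qs(body, keep_blank_values=True).items():
        for value in values:
            norm = normalise(value)
            if XSS_PATTERNS.search(norm):
                hits[field] = norm
    return hits


def scan_log(lines) -> list:
    """Return (src_ip, uri, hits) for POSTs to the routing endpoint with XSS-like fields."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("method") != "POST" or ROUTING_URI_FRAGMENT not in rec.get("uri", ""):
            continue
        hits = suspicious_fields(rec.get("body", ""))
        if hits:
            findings.append((rec.get("src_ip"), rec["uri"], hits))
    return findings


# Constructed sample log: a plain payload, a benign route, a double-encoded
# payload, a GET (ignored) and an entity-encoded payload.
SAMPLE_LOG = """
{"src_ip": "203.0.113.7", "method": "POST", "uri": "/routing", "body": "destination=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&gateway=10.0.0.1"}
{"src_ip": "192.0.2.10", "method": "POST", "uri": "/routing", "body": "destination=10.1.0.0%2F16&gateway=10.0.0.1"}
{"src_ip": "203.0.113.9", "method": "POST", "uri": "/routing", "body": "destination=%253Cimg+src%253Dx+onerror%253Dalert%25281%2529%253E"}
{"src_ip": "192.0.2.11", "method": "GET", "uri": "/routing", "body": ""}
{"src_ip": "198.51.100.4", "method": "POST", "uri": "/routing", "body": "destination=%26lt%3Bsvg+onload%3Dalert(1)%26gt%3B"}
"""

if __name__ == "__main__":
    for src_ip, uri, hits in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{src_ip} POST {uri} -> {hits}")
```

The benign route in the second record is not flagged, while the double-encoded and entity-encoded records are, which is the difference between this and the literal *script* match in the query above.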
