CVE-2019-25413

6.1 MEDIUM

📋 TL;DR

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability in the ID parameter of the /manage/ips/rules/ endpoint. Unauthenticated attackers can inject malicious JavaScript that executes in victim browsers when they visit crafted URLs. This affects all users of Comodo Dome Firewall 2.7.0 with the vulnerable endpoint accessible.

💻 Affected Systems

Products:
  • Comodo Dome Firewall
Versions: 2.7.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the firewall management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on administrator systems.

🟠 Likely Case

Session hijacking leading to unauthorized firewall configuration changes, credential theft, or redirection to phishing sites.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though some information disclosure may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB, making this easily weaponizable by attackers with basic web skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

Check Comodo's official channels for security updates. Upgrade to the latest version if available. If no patch exists, implement workarounds immediately.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules
  Platform: all
  Implement WAF rules to block malicious script patterns in the ID parameter.
  Note: Depends on the specific WAF platform.

Input Validation Filter
  Platform: all
  Add server-side validation to reject or sanitize script tags in the ID parameter.
  Note: Implementation is specific to the application code.
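The following Python is an added illustration of the "Input Validation Filter" workaround; it is not code from this page, from Comodo, or from the Dome Firewall product. It assumes the rule ID on this endpoint is a plain integer (an assumption, since the page does not state the real format) and uses a hypothetical page-rendering function to show the two layers that close a reflected XSS: allow-list validation of the parameter and HTML encoding of anything that is echoed back. The unhardened function is shown only for contrast with the pattern the advisory describes.

```python
import html
import re

# Assumption for illustration: a legitimate rule ID is a short decimal integer.
RULE_ID_PATTERN = re.compile(r"^[0-9]{1,10}$")


def validate_rule_id(raw):
    """Return the ID as an int, or None if it is not a plain integer.

    Allow-listing the expected shape rejects markup, quotes and
    'javascript:' URLs outright instead of trying to strip them.
    """
    if raw is None or not RULE_ID_PATTERN.fullmatch(raw):
        return None
    return int(raw)


def render_rule_page(raw_id):
    """Hypothetical renderer for /manage/ips/rules/ with both layers applied.

    Defence in depth: even the error path, which echoes the rejected value
    back to the user, HTML-encodes it so the browser treats it as text.
    """
    rule_id = validate_rule_id(raw_id)
    if rule_id is None:
        safe = html.escape(raw_id or "", quote=True)
        return "<p>Invalid rule id: %s</p>" % safe
    return "<h1>Rule %d</h1>" % rule_id


def vulnerable_render_rule_page(raw_id):
    """The pattern the advisory describes, for contrast only: the untrusted
    parameter is concatenated into markup with no validation or encoding."""
    return "<h1>Rule %s</h1>" % raw_id
```

With the page's own test value as input, `render_rule_page` returns a fragment containing `&lt;script&gt;` rather than a live tag, while the unhardened version returns it verbatim. A WAF rule (the first workaround) can filter the same shapes at the edge, but the validation shown here is the fix that does not depend on a deployment-specific platform.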

🧯 If You Can't Patch

  • Restrict access to the /manage/ips/rules/ endpoint to trusted IP addresses only
  • Implement Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Test by accessing https://[firewall-ip]/manage/ips/rules/?id=<script>alert('XSS')</script> and checking whether the script executes

Check Version:

Check firewall web interface or administrative console for version information

Verify Fix Applied:

Retest with the same payload after implementing fixes to confirm the script no longer executes

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /manage/ips/rules/ with script tags or JavaScript in the ID parameter
  • Unusual length or character patterns in ID parameter values

Network Indicators:

  • HTTP GET requests containing script payloads in query parameters
  • Requests to management interface from unexpected sources

SIEM Query:

source="firewall_logs" AND uri_path="/manage/ips/rules/" AND (query_string CONTAINS "<script>" OR query_string CONTAINS "javascript:")
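The following Python is an added example, not part of this page or of any SIEM product: it applies the two log indicators above to constructed access-log lines in combined format. It parses each request line, keeps only requests to the /manage/ips/rules/ endpoint, URL-decodes the `id` parameter, and flags script patterns or an unusually long value. The length threshold and the sample lines are constructed assumptions. Decoding before matching matters: the SIEM query above matches the literal string `<script>`, so a percent-encoded request would pass it untouched.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample log lines in Apache/Nginx combined format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2024:12:00:01 +0000] "GET /manage/ips/rules/?id=17 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/May/2024:12:00:02 +0000] "GET /manage/ips/rules/?id=<script>alert('XSS')</script> HTTP/1.1" 200 734 "-" "curl/8.0"
198.51.100.23 - - [10/May/2024:12:00:03 +0000] "GET /manage/ips/rules/?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 734 "-" "curl/8.0"
10.0.0.5 - - [10/May/2024:12:00:04 +0000] "GET /manage/ips/rules/?id=javascript%3Aalert(1) HTTP/1.1" 200 734 "-" "Mozilla/5.0"
10.0.0.5 - - [10/May/2024:12:00:05 +0000] "GET /index.html?id=<script> HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Combined-log-format request line: source, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

ENDPOINT = "/manage/ips/rules/"

# Script tags, javascript: URLs and inline event handlers, matched after decoding.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

# Assumption: a legitimate rule ID is far shorter than this.
MAX_ID_LEN = 16


def analyse_line(line):
    """Return an alert dict for a suspicious request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != ENDPOINT:
        return None
    # parse_qs percent-decodes once; decode again so a double-encoded
    # value is inspected in its final form.
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    for raw in params.get("id", []):
        value = unquote_plus(raw)
        if SUSPICIOUS.search(value):
            reasons.append("script pattern in id")
        if len(value) > MAX_ID_LEN:
            reasons.append("id length %d exceeds %d" % (len(value), MAX_ID_LEN))
    if not reasons:
        return None
    return {"src": m.group("src"), "ts": m.group("ts"),
            "id": params["id"], "reasons": reasons}


def scan_log(text):
    """Run analyse_line over every line and return the list of alerts."""
    return [a for a in (analyse_line(l) for l in text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ts"], alert["src"], "; ".join(alert["reasons"]))
```

On the constructed sample, three of the five lines produce alerts: the raw `<script>` request, the percent-encoded copy that the literal SIEM match would miss, and the `javascript:` value; the normal `id=17` request and the request to a different path are ignored. The "requests from unexpected sources" network indicator can be added by checking the `src` field against an allow-list of management hosts.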
