CVE-2019-25424
📋 TL;DR
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability in the EXCEPTIONSITELIST parameter. Attackers can inject malicious JavaScript via POST requests to the https_exceptions endpoint, potentially stealing session cookies or performing actions as authenticated users. This affects administrators and users accessing the firewall web interface.
💻 Affected Systems
- Comodo Dome Firewall
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full administrative access to the firewall, reconfigure rules, disable security controls, or pivot to internal networks.
Likely Case
Attackers steal user session data, perform actions as authenticated users, or redirect to phishing sites.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before execution.
🎯 Exploit Status
Exploitation requires the victim to click a malicious link while authenticated; exploit code is publicly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.0 or later
Vendor Advisory: https://cdome.comodo.com/firewall/
Restart Required: Yes
Instructions:
1. Log into the Comodo support portal.
2. Download the latest version (2.8.0+).
3. Back up the current configuration.
4. Install the update.
5. Restart the firewall services.
🔧 Temporary Workarounds
Input Validation Filter
Implement web application firewall rules to sanitize EXCEPTIONSITELIST parameter inputs.
# Example mod_security rule for Apache. Requires SecRequestBodyAccess On so that POST
# parameters are inspected; t:lowercase makes the match case-insensitive and
# t:urlDecodeUni catches values that arrive double-encoded.
SecRule ARGS:EXCEPTIONSITELIST "@rx <script" "id:1001,phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,log,msg:'XSS attempt detected'"
Content Security Policy
Implement CSP headers to restrict script execution sources. Without 'unsafe-inline', the inline script a reflected payload injects is refused by the browser; test the policy first, since the management UI may itself rely on inline scripts.
# Add to the Apache web server configuration (requires mod_headers):
Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
🧯 If You Can't Patch
- Restrict firewall management interface access to trusted IP addresses only using network ACLs.
- Implement session timeout policies and require re-authentication for sensitive actions.
🔍 How to Verify
Check if Vulnerable:
Test by submitting <script>alert('XSS')</script> to EXCEPTIONSITELIST parameter via POST to https_exceptions endpoint; if alert executes, system is vulnerable.
Check Version:
Log into the web interface and check the version on the dashboard, or run from a shell on the appliance:
# grep 'Version' /opt/comodo/dome/version.txt
Verify Fix Applied:
Repeat vulnerability test; script should be properly encoded or blocked. Check version is 2.8.0 or higher.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /https_exceptions with script tags in parameters
- Unusual parameter values containing JavaScript keywords in web logs
Network Indicators:
- HTTP requests with EXCEPTIONSITELIST parameter containing <script> tags
- Outbound connections to suspicious domains following management interface access
SIEM Query:
source="firewall_web_logs" AND (method="POST" AND uri="/https_exceptions" AND (param="EXCEPTIONSITELIST" AND value="*<script>*"))
(pseudo-query; adapt the field names to your SIEM and note that a literal "<script>" match misses case variants and URL-encoded payloads)
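The log indicators above match only a literal <script> tag. The following added example (not code from the page or from Comodo) shows the check a detection pipeline would run over request records: it normalises the EXCEPTIONSITELIST value (URL-decoding, including double-encoded input, and case-insensitive matching) before looking for script markers. The function names and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample requests (not real traffic), each as
# (method, URI, raw POST body) in the form the log indicators describe.
SAMPLE_REQUESTS = [
    ("POST", "/https_exceptions", "EXCEPTIONSITELIST=example.com%0Aintranet.local"),
    ("POST", "/https_exceptions", "EXCEPTIONSITELIST=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"),
    ("POST", "/https_exceptions", "EXCEPTIONSITELIST=%253CScRiPt%253Ealert(1)"),
    ("GET", "/dashboard", ""),
]

# Markers that never belong in a list of host names / URLs (heuristic).
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)


def normalize(value, rounds=2):
    """URL-decode up to `rounds` times so double-encoded payloads are caught."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, uri, body):
    """Return the offending EXCEPTIONSITELIST value, or None if the request looks benign."""
    if method != "POST" or uri.split("?", 1)[0] != "/https_exceptions":
        return None
    params = parse_qs(body, keep_blank_values=True)  # decodes one layer of %XX
    for raw in params.get("EXCEPTIONSITELIST", []):
        value = normalize(raw)
        if SCRIPT_MARKERS.search(value):
            return value
    return None


def scan(requests):
    """Run inspect_request over a batch; one entry per request."""
    return [inspect_request(*req) for req in requests]


if __name__ == "__main__":
    for req, hit in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print(req[0], req[1], "->", "ALERT " + repr(hit) if hit else "ok")
```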