CVE-2019-25404

🗓️ 19 Feb 2026 12:02:22Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 13 Views🌐 WEB

Comodo Dome Firewall 2.7.0 stores script injections via admin fields in POST to /korugan/admins, executed on admin access.

Reporter	Title	Published	Views	Family All 7
ATTACKERKB	CVE-2019-25404	19 Feb 202612:02	–	attackerkb
CNNVD	Comodo Dome Firewall 跨站脚本漏洞	19 Feb 202600:00	–	cnnvd
Cvelist	CVE-2019-25404 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admins	19 Feb 202612:02	–	cvelist
NVD	CVE-2019-25404	19 Feb 202613:16	–	nvd
OSV	CVE-2019-25404	19 Feb 202613:16	–	osv
Positive Technologies	PT-2026-20807	19 Feb 202600:00	–	ptsecurity
Vulnrichment	CVE-2019-25404 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admins	19 Feb 202612:02	–	vulnrichment

NVD

Vulners

CNA

Node

comodo dome_firewallRange≤2.7.0

[
  {
    "vendor": "Comodo",
    "product": "Comodo Dome Firewall",
    "versions": [
      {
        "version": "2.7.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
exploit-db	www.exploit-db.com/exploits/46408
secure	www.secure.comodo.com/home/purchase.php
cdome	www.cdome.comodo.com/firewall/
vulncheck	www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-admins

Parameter	Position	Path	Description	CWE
admin_name	request body	/korugan/admins	Stored XSS via crafted inputs in admin management parameters submitted to /korugan/admins, executed when administrators access the interface.	CWE-79
name	request body	/korugan/admins	Stored XSS via crafted inputs in admin management parameters submitted to /korugan/admins, executed when administrators access the interface.	CWE-79
surname	request body	/korugan/admins	Stored XSS via crafted inputs in admin management parameters submitted to /korugan/admins, executed when administrators access the interface.	CWE-79

17 Jun 2026 02:32Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.4 - 6.4

CVSS 45.1

EPSS0.00301

SSVC

CWE-79