CVE-2019-25425

Description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaScript in the context of an administrator's browser session.

PUBLISHED Reserved 2026-02-18 | Published 2026-02-19 | Updated 2026-02-19 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Ozer Goker finder

References

www.exploit-db.com/exploits/46408 (ExploitDB-46408) exploit

cdome.comodo.com/firewall/ (Comodo Dome Firewall Official Homepage) product

secure.comodo.com/...?pid=106&license=try&track=9278&af=9278 (Comodo Dome Firewall Purchase Page) product

www.vulncheck.com/...ted-cross-site-scripting-via-smtpconfig (VulnCheck Advisory: Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via smtpconfig) third-party-advisory

cve.org (CVE-2019-25425)

nvd.nist.gov (CVE-2019-25425)

Download JSON