CVE-2019-25426

Description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_DESTINATION_BYPASS parameters to execute arbitrary JavaScript in users' browsers.

PUBLISHED Reserved 2026-02-18 | Published 2026-02-19 | Updated 2026-02-19 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Ozer Goker finder

References

www.exploit-db.com/exploits/46408 (ExploitDB-46408) exploit

cdome.comodo.com/firewall/ (Comodo Dome Firewall Homepage) product

secure.comodo.com/...?pid=106&license=try&track=9278&af=9278 (Comodo Dome Firewall Purchase Page) product

www.vulncheck.com/...rewall-cross-site-scripting-via-dnsmasq (VulnCheck Advisory: Comodo Dome Firewall 2.7.0 Cross-Site Scripting via dnsmasq) third-party-advisory

cve.org (CVE-2019-25426)

nvd.nist.gov (CVE-2019-25426)

Download JSON