CVE-2019-25419
Undergoing Analysis Undergoing Analysis - In Progress
Stored XSS in Comodo Dome Firewall 2.7.0 Schedule Endpoint

Publication date: 2026-02-19

Last updated on: 2026-02-20

Assigner: VulnCheck

Description
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25419
EUVD
EUVD-2019-19685
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
comodo dome_firewall to 2.7.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25419 is a stored cross-site scripting (XSS) vulnerability in Comodo Dome Firewall version 2.7.0. It occurs due to improper input sanitization in the schedule endpoint, specifically in the SCHNAME parameter.

Attackers can exploit this vulnerability by submitting crafted POST requests containing malicious JavaScript payloads in the SCHNAME parameter. When an administrator later accesses the schedule page, the injected script executes in their browser, allowing arbitrary code execution.

Impact Analysis

This vulnerability allows attackers to execute arbitrary JavaScript code in the browsers of administrators who access the affected schedule page.

The impact includes potential compromise of administrator sessions, theft of sensitive information, or unauthorized actions performed with administrator privileges.

According to the CVSS v4.0 score of 5.3, the attack is network-based with low complexity and requires user interaction, with low confidentiality and integrity impacts and no availability impact.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for POST requests to the schedule endpoint that include suspicious or crafted JavaScript payloads in the SCHNAME parameter.'}, {'type': 'paragraph', 'content': 'A practical approach is to inspect web server logs or use network traffic analysis tools to identify such POST requests.'}, {'type': 'list_item', 'content': 'Use tools like curl or wget to test the schedule endpoint by sending crafted POST requests with JavaScript in the SCHNAME parameter.'}, {'type': 'list_item', 'content': 'Example curl command to test for the vulnerability: curl -X POST -d "SCHNAME=<script>alert(1)</script>" http://<target-ip>/schedule'}, {'type': 'list_item', 'content': 'Use web application scanners or proxy tools (e.g., Burp Suite) to automate detection of stored XSS in the schedule endpoint.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the schedule endpoint to trusted administrators only and monitoring or blocking suspicious POST requests containing script payloads in the SCHNAME parameter.

Additionally, applying input validation and sanitization on the SCHNAME parameter to prevent script injection is critical.

If available, update Comodo Dome Firewall to a version that patches this vulnerability.

As a temporary workaround, consider disabling or limiting the schedule feature until a fix is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25419. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart