CVE-2019-25419
Stored XSS in Comodo Dome Firewall 2.7.0 Schedule Endpoint
Publication date: 2026-02-19
Last updated on: 2026-02-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comodo | dome_firewall | to 2.7.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25419 is a stored cross-site scripting (XSS) vulnerability in Comodo Dome Firewall version 2.7.0. It occurs due to improper input sanitization in the schedule endpoint, specifically in the SCHNAME parameter.
Attackers can exploit this vulnerability by submitting crafted POST requests containing malicious JavaScript payloads in the SCHNAME parameter. When an administrator later accesses the schedule page, the injected script executes in their browser, allowing arbitrary code execution.
How can this vulnerability impact me? :
This vulnerability allows attackers to execute arbitrary JavaScript code in the browsers of administrators who access the affected schedule page.
The impact includes potential compromise of administrator sessions, theft of sensitive information, or unauthorized actions performed with administrator privileges.
According to the CVSS v4.0 score of 5.3, the attack is network-based with low complexity and requires user interaction, with low confidentiality and integrity impacts and no availability impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for POST requests to the schedule endpoint that include suspicious or crafted JavaScript payloads in the SCHNAME parameter.'}, {'type': 'paragraph', 'content': 'A practical approach is to inspect web server logs or use network traffic analysis tools to identify such POST requests.'}, {'type': 'list_item', 'content': 'Use tools like curl or wget to test the schedule endpoint by sending crafted POST requests with JavaScript in the SCHNAME parameter.'}, {'type': 'list_item', 'content': 'Example curl command to test for the vulnerability: curl -X POST -d "SCHNAME=<script>alert(1)</script>" http://<target-ip>/schedule'}, {'type': 'list_item', 'content': 'Use web application scanners or proxy tools (e.g., Burp Suite) to automate detection of stored XSS in the schedule endpoint.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the schedule endpoint to trusted administrators only and monitoring or blocking suspicious POST requests containing script payloads in the SCHNAME parameter.
Additionally, applying input validation and sanitization on the SCHNAME parameter to prevent script injection is critical.
If available, update Comodo Dome Firewall to a version that patches this vulnerability.
As a temporary workaround, consider disabling or limiting the schedule feature until a fix is applied.