CVE-2019-25419
Published: 19 February 2026
Summary
CVE-2019-25419 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Comodo Dome Firewall. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 5.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2019-25419 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting Comodo Dome Firewall version 2.7.0. The issue resides in the schedule endpoint, where attackers can inject malicious JavaScript payloads via crafted input in the SCHNAME parameter of POST requests. This stored XSS flaw enables persistent script injection that activates upon page access.
Unauthenticated attackers (PR:N) with network access (AV:N) can exploit the vulnerability with low complexity (AC:L) and no required user interaction (UI:N). When an attacker submits a POST request containing a JavaScript payload in the SCHNAME parameter, the script is stored and executes arbitrary code in the browsers of administrators who subsequently view the schedule page. The attack changes scope (S:C), resulting in low impacts to confidentiality and integrity (C:L/I:L) but no availability disruption (A:N), with an overall CVSS v3.1 base score of 7.2.
Advisories and related resources include the VulnCheck advisory at https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-schedule, which details the stored XSS via the schedule endpoint. A proof-of-concept exploit is publicly available at https://www.exploit-db.com/exploits/46408. Comodo product pages are referenced at https://cdome.comodo.com/firewall/ and https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19685
Vulnerability details
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in a public-facing web management interface directly enables unauthenticated exploitation (T1190) and arbitrary JavaScript execution in victim browsers (T1059.007).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of inputs such as the SCHNAME parameter to reject or sanitize JavaScript payloads before they are stored at the schedule endpoint.
Requires filtering of information returned by the schedule page so that stored script payloads are removed or escaped before execution in an administrator browser.
Provides mechanisms to detect and block malicious code (including injected scripts) from being stored or executed within the firewall's web interface.
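A sketch of the input-validation (SI-10) and output-filtering (SI-15) controls applied to the SCHNAME field, added here as an example and not taken from Comodo's code or the referenced advisory. The allow-list policy, the function names and the sample request bodies are assumptions made for illustration.

```python
import html
import re
import unicodedata
from urllib.parse import parse_qs

# Assumed policy (not the vendor's): 1-64 chars, starting with a letter or
# digit, then letters, digits, space, dot, underscore or hyphen.
SCHNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}")


def validate_schname(body: str) -> str:
    """SI-10: parse a form-encoded POST body and allow-list SCHNAME."""
    values = parse_qs(body, keep_blank_values=True).get("SCHNAME", [])
    if len(values) != 1:  # missing, or repeated to confuse the parser
        raise ValueError("SCHNAME must appear exactly once")
    # Normalise first so full-width forms of < and > are judged as ASCII.
    name = unicodedata.normalize("NFKC", values[0]).strip()
    if not SCHNAME_RE.fullmatch(name):
        raise ValueError("SCHNAME has disallowed characters")
    return name


def render_schedule_row(stored_name: str) -> str:
    """SI-15: escape at output time, so names stored before the input
    check existed still render as text rather than markup."""
    safe = html.escape(stored_name, quote=True)
    return f'<tr><td title="{safe}">{safe}</td></tr>'


# Constructed sample request bodies (not captured traffic).
SAMPLES = [
    "SCHNAME=Weekday+backup",
    "SCHNAME=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "SCHNAME=%EF%BC%9Cb%EF%BC%9E",  # full-width < and >
    "SCHNAME=a&SCHNAME=b",
]


def classify(body: str) -> str:
    """Return a one-line verdict for a request body."""
    try:
        return "accepted: " + validate_schname(body)
    except ValueError as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

Escaping on output is what protects against entries that were stored before any input check was deployed, so both layers are needed.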