Cyber Resilience

CVE-2019-25419

Severity: Medium · Public PoC

Published: 19 February 2026
Modified: 20 February 2026
KEV Added: not listed
Patch: (no entry)
CVSS Score (v4): 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0002 (5.6th percentile)
Risk Priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-25419 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Comodo Dome Firewall. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 5.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a publicly referenced proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2019-25419 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting Comodo Dome Firewall version 2.7.0. The issue resides in the schedule endpoint, where attackers can inject malicious JavaScript payloads via crafted input in the SCHNAME parameter of POST requests. This stored XSS flaw enables persistent script injection that activates upon page access.

Unauthenticated attackers (PR:N) with network access (AV:N) can exploit the vulnerability with low complexity (AC:L) and no required user interaction (UI:N). When an attacker submits a POST request containing a JavaScript payload in the SCHNAME parameter, the script is stored and later executes in the browsers of administrators who view the schedule page. The attack changes scope (S:C), resulting in low impacts to confidentiality and integrity (C:L/I:L) but no availability disruption (A:N), with an overall CVSS v3.1 base score of 7.2.

Advisories and related resources include the VulnCheck advisory at https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-schedule, which details the stored XSS via the schedule endpoint. A proof-of-concept exploit is publicly available at https://www.exploit-db.com/exploits/46408. Comodo product pages are referenced at https://cdome.comodo.com/firewall/ and https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278.

EU & UK References

Vulnerability details

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.

CWE(s): CWE-79 (Cross-site Scripting)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript (Execution): Adversaries may abuse various implementations of JavaScript for execution.

Why these techniques?

Stored XSS in a public-facing web management interface directly enables unauthenticated exploitation (T1190) and arbitrary JavaScript execution in victim browsers (T1059.007).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2019-25405 (same product: Comodo Dome Firewall)
CVE-2019-25422 (same product: Comodo Dome Firewall)
CVE-2026-3231 (shared CWE-79)
CVE-2025-23481 (shared CWE-79)
CVE-2025-69302 (shared CWE-79)
CVE-2025-23734 (shared CWE-79)
CVE-2025-23571 (shared CWE-79)
CVE-2025-65110 (shared CWE-79)
CVE-2026-24948 (shared CWE-79)
CVE-2025-27352 (shared CWE-79)

Affected Assets

Comodo Dome Firewall, versions ≤ 2.7.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation of inputs such as the SCHNAME parameter to reject or sanitize JavaScript payloads before they are stored at the schedule endpoint.

SI-15 Information Output Filtering (prevent): Requires filtering of information returned by the schedule page so that stored script payloads are removed or escaped before execution in an administrator browser.

Malicious code protection (prevent, detect): Provides mechanisms to detect and block malicious code (including injected scripts) from being stored or executed within the firewall's web interface.
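As an added illustration of the two controls named above (not code from this page or from the Comodo product), the following Python sketch models a schedule handler that applies an allow-list check to SCHNAME before storage (input validation) and HTML-escapes the stored name when it is rendered (output filtering); the handler, in-memory store and sample request are constructed assumptions, and the vulnerable renderer is shown only to contrast it with the hardened one.

```python
import html
import re
from typing import Dict, List, Tuple

# Constructed sample request body: a POST to the schedule endpoint whose
# SCHNAME value carries a script tag, as the advisory describes.
SAMPLE_POST = {"SCHNAME": '<script>document.title="x"</script>Nightly backup'}

# Allow-list for schedule names: letters, digits, space and a few separators.
# Anything else (angle brackets, quotes, ...) is rejected outright.
SCHNAME_PATTERN = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")


def validate_schname(value: str) -> bool:
    """Input validation (SI-10 style): accept only allow-listed characters."""
    return SCHNAME_PATTERN.fullmatch(value) is not None


def render_schedule_row_vulnerable(stored_name: str) -> str:
    """Failure mode: the stored value is concatenated into HTML verbatim."""
    return "<tr><td>" + stored_name + "</td></tr>"


def render_schedule_row_hardened(stored_name: str) -> str:
    """Output filtering (SI-15 style): HTML-escape the value at render time,
    so a stored payload is displayed as text instead of being executed."""
    return "<tr><td>" + html.escape(stored_name, quote=True) + "</td></tr>"


def handle_schedule_post(form: Dict[str, str], store: List[str]) -> Tuple[int, str]:
    """Hypothetical handler for the schedule endpoint: validate, then store."""
    name = form.get("SCHNAME", "")
    if not validate_schname(name):
        return 400, "SCHNAME rejected: only letters, digits, space, '_', '.', '-' allowed"
    store.append(name)
    return 200, "stored"


def contains_script_tag(rendered: str) -> bool:
    """Check used below: does the rendered HTML still contain a raw <script tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    store: List[str] = []
    print(handle_schedule_post(SAMPLE_POST, store))          # (400, ...) rejected
    print(handle_schedule_post({"SCHNAME": "Nightly backup"}, store))  # (200, 'stored')
    # Even if a payload reached the store, escaping neutralises it on output.
    print(render_schedule_row_hardened(SAMPLE_POST["SCHNAME"]))
```

Both layers matter: validation keeps payloads out of the store, and escaping protects the administrator's browser if a value ever bypasses validation or was stored before the check existed.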

References