Comodo Dome Firewall 2.7.0 Cross-Site Scripting via policyfw

Advisories

Comodo Dome Firewall 2.7.0 Cross-Site Scripting via policyfw

severity: medium
date: 2/19/2026
Affecting: Comodo Dome Firewall <= 2.7.0
CVE: CVE-2019-25421
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
References: ExploitDB-46408
Comodo Dome Firewall Official Homepage
Comodo Dome Firewall Purchase Page
Credit: Ozer Goker
Description: Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in administrator browsers or store persistent scripts in the application.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo