CVE-2019-25424 MEDIUM

CVE-2019-25424: Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via https_exceptions

Vendor Comodo

Product Comodo Dome Firewall

Weakness CWE-79 · XSS

Published February 19, 2026

Last update May 24, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https_exceptions endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.

Key dates

02Disclosure timeline

February 19, 2026 CVE published

May 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25424 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-23574 WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-9421 Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter CVE-2026-8880 RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2021-25026 Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting CVE-2025-5950 IndieBlocks <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter