ByteOS Network

NVD Vulnerability Details :

CVE-2019-25419

Undergoing Analysis

Source-disclosure@vulncheck.com

Published At-19 Feb, 2026 | 13:16

Updated At-19 Feb, 2026 | 15:52

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	disclosure@vulncheck.com

CWE ID: CWE-79

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://cdome.comodo.com/firewall/	disclosure@vulncheck.com	N/A
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/46408	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-schedule	disclosure@vulncheck.com	N/A