Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers can send POST requests to the /korugan/fwgroups endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Thu, 19 Feb 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers can send POST requests to the /korugan/fwgroups endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data. | |
| Title | Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via fwgroups | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-02-19T12:02:34.189Z
Updated: 2026-02-19T12:02:34.189Z
Reserved: 2026-02-18T22:39:30.175Z
Link: CVE-2019-25418
Vulnrichment
No data.
NVD
Status : Undergoing Analysis
Published: 2026-02-19T13:16:15.950
Modified: 2026-02-19T15:52:39.260
Link: CVE-2019-25418
Redhat
No data.