CVE-2019-25425 – Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via smtpconfig

CVE ID : CVE-2019-25425

Published : Feb. 19, 2026, 12:02 p.m. | 57 minutes ago

Description : Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaScript in the context of an administrator’s browser session.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-25755 – jsPDF has PDF Object Injection via Unsanitized Input in addJS Method

CVE-2026-25535 – jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

CVE-2026-25527 – changedetection.io vulnerable to unauthenticated static path traversal

CVE-2026-2744 – Blind SQL Injection