CVE-2019-25423 in Comodo Dome Firewall
Summary
by MITRE • 02/19/2026
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, and DST_NOCACHE to execute arbitrary scripts in administrator browsers.
Analysis
by VulDB Data Team • 02/19/2026
The vulnerability identified as CVE-2019-25423 represents a critical reflected cross-site scripting flaw within Comodo Dome Firewall version 2.7.0, specifically affecting the /korugan/proxyconfig endpoint. This security weakness stems from inadequate input validation and sanitization mechanisms within the web application's processing of user-supplied data. The vulnerability manifests when the application fails to properly escape or filter malicious content submitted through HTTP POST requests, allowing attackers to inject harmful scripts that execute in the context of authenticated administrator sessions.
Technically, the flaw is the application's failure to sanitize input parameters in the proxy configuration interface. Attackers can exploit it by submitting malicious payloads through specific POST parameters, including PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, and DST_NOCACHE. These parameters are processed without adequate security controls, so injected script is executed when administrators view the affected configuration pages. Because the vulnerability is reflected, the malicious script is echoed straight back to the user's browser rather than being stored on the server, which makes it harder to detect with traditional security measures.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with potential access to administrative functions and sensitive system information. When administrators interact with the compromised configuration interface, their browsers execute the injected JavaScript code, which could potentially steal session cookies, redirect users to malicious sites, or perform unauthorized actions within the firewall management interface. This represents a significant risk to network security infrastructure, as the firewall's administrative interface typically contains critical configuration data and control mechanisms. The vulnerability's severity is amplified by the fact that it requires minimal privileges to exploit, as attackers only need to submit malicious POST requests rather than having pre-existing access to the system.
The weakness is classified as CWE-79, the category for cross-site scripting flaws in web applications; this indicates that the root cause is untrusted data being handled improperly by the web application, creating opportunities for malicious script execution. From an adversarial perspective, the vulnerability maps to several ATT&CK techniques, including T1059 (command and scripting interpreter usage) and T1566 (phishing with malicious attachments), since an attacker would craft targeted payloads to exploit this weakness. Organizations should implement comprehensive input validation, output encoding, and regular security assessments to address this and similar vulnerabilities. The recommended mitigations are to patch the affected software version immediately, deploy a web application firewall, and review all web application endpoints thoroughly to identify and remediate similar input validation weaknesses. Security teams should also establish monitoring to detect anomalous POST request patterns and apply least-privilege access controls to administrative interfaces to minimize the damage such exploits can cause.
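The input validation and output encoding recommended above, as an added example that is not Comodo's code and not taken from the advisory. The seven parameter names come from the advisory; the value formats, numeric limits, the comma/whitespace-separated DST_NOCACHE list and the `render_field` function are assumptions made for illustration. Each parameter is checked against an allowlist of what it can legitimately contain (a port number, a hostname, an e-mail address, integer sizes, a list of hosts or networks), and anything echoed back into the page is HTML-escaped regardless, so that a value rejected by validation still cannot carry markup into the administrator's browser.

```python
"""Allowlist validation and output encoding for proxy-configuration
parameters (added example; the limits and helpers below are assumptions)."""
import html
import ipaddress
import re

# RFC 1123-style hostname: labels of letters, digits and hyphens, 253 chars max
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
# Deliberately simple address shape; strict enough to exclude markup characters
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def _int_in_range(value, lo, hi):
    """Accept only plain decimal digits, then bound-check the integer."""
    if not re.fullmatch(r"\d{1,10}", value):
        raise ValueError("not a decimal integer")
    n = int(value)
    if not lo <= n <= hi:
        raise ValueError(f"out of range {lo}..{hi}")
    return n


def _hostname(value):
    if not HOSTNAME_RE.match(value):
        raise ValueError("not a hostname")
    return value.lower()


def _email(value):
    if not EMAIL_RE.match(value):
        raise ValueError("not an e-mail address")
    return value


def _nocache_entry(value):
    """One DST_NOCACHE entry: an IP address/network or a hostname (assumed format)."""
    try:
        return str(ipaddress.ip_network(value, strict=False))
    except ValueError:
        return _hostname(value)


# One allowlist validator per parameter named in the advisory.
# Size limits (MB / KB) are assumptions, not values from the product.
VALIDATORS = {
    "PROXY_PORT": lambda v: _int_in_range(v, 1, 65535),
    "VISIBLE_HOSTNAME": _hostname,
    "ADMIN_MAIL_ADDRESS": _email,
    "CACHE_MEM": lambda v: _int_in_range(v, 1, 65536),
    "MAX_SIZE": lambda v: _int_in_range(v, 0, 10_000_000),
    "MIN_SIZE": lambda v: _int_in_range(v, 0, 10_000_000),
    "DST_NOCACHE": lambda v: [_nocache_entry(e) for e in re.split(r"[\s,]+", v.strip()) if e],
}


def validate_proxy_config(form):
    """Return (clean, errors). Unknown keys are rejected, every value must
    match its allowlist, and MIN_SIZE may not exceed MAX_SIZE."""
    clean, errors = {}, {}
    for key, raw in form.items():
        if key not in VALIDATORS:
            errors[key] = "unexpected parameter"
            continue
        try:
            clean[key] = VALIDATORS[key](raw)
        except ValueError as exc:
            errors[key] = str(exc)
    if "MIN_SIZE" in clean and "MAX_SIZE" in clean and clean["MIN_SIZE"] > clean["MAX_SIZE"]:
        errors["MIN_SIZE"] = "must not exceed MAX_SIZE"
    return clean, errors


def render_field(name, raw_value):
    """Output-encoding layer: anything written back into an HTML attribute is
    escaped, including the original (possibly rejected) value shown on error."""
    return '<input name="{}" value="{}">'.format(
        html.escape(name, quote=True), html.escape(str(raw_value), quote=True)
    )


if __name__ == "__main__":
    # Constructed sample submission: one good form and one carrying markup.
    good, errs = validate_proxy_config({
        "PROXY_PORT": "3128", "VISIBLE_HOSTNAME": "proxy.example.test",
        "ADMIN_MAIL_ADDRESS": "admin@example.test", "CACHE_MEM": "256",
        "MAX_SIZE": "4096", "MIN_SIZE": "0", "DST_NOCACHE": "10.0.0.0/8, intranet.example.test",
    })
    print("clean:", good, "errors:", errs)
    _, errs = validate_proxy_config({"PROXY_PORT": '"><script>alert(1)</script>'})
    print("rejected:", errs)
    print(render_field("PROXY_PORT", '"><script>alert(1)</script>'))
```

The two layers are independent on purpose: validation keeps bad values out of the configuration, while escaping in `render_field` protects the response even when the value being echoed is the rejected input from an error page, which is exactly the path a reflected XSS travels.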