Key Information

Vulnerability Title: Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via smtpconfig
Severity: MEDIUM
Date: 2/19/2026
CVE: CVE-2019-25425
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description: Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaScript in the context of an administrator's browser session.

References:
- ExploitDB-46408
- Comodo Dome Firewall Official Homepage
- Comodo Dome Firewall Purchase Page

Reported by: Ozer Goker