Vulnerability Name: Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via ID Parameter Severity: Medium Date: 2/19/2026 CVE ID: CVE-2019-25413 CWE ID: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N References: - ExploitDB-46408 - Comodo Dome Firewall Official Homepage - Comodo Dome Firewall Purchase/Trial Page Credit: Ozer Goker Description: Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.