Comodo Dome Firewall 2.7.0 Cross-Site Scripting via backupschedule Severity: Medium Date: 2/19/2026 Product: Comodo Dome Firewall <= 2.7.0 Source: NVD-2019-25407 Vulnerability: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N References: ExploitDB-46408 Comodo Dome Firewall Official Homepage Comodo Dome Firewall Purchase Page Credit: Ozer Goker Description: Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO parameter to execute arbitrary scripts in users' browsers.