VYPR

Domainmod

by Domainmod

Source repositories

CVEs (31)

  • CVE-2020-35358CriMar 15, 2021
    risk 0.64cvss 9.8epss 0.02

    DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers…

  • CVE-2020-12735CriMay 8, 2020
    risk 0.64cvss 9.8epss 0.02

    reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

  • CVE-2019-1010096HigJul 18, 2019
    risk 0.57cvss 8.8epss 0.01

    DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html…

  • CVE-2019-1010095HigJul 18, 2019
    risk 0.57cvss 8.8epss 0.01

    DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.

  • CVE-2019-1010094HigJul 18, 2019
    risk 0.57cvss 8.8epss 0.01

    domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2…

  • CVE-2019-9080HigOct 20, 2020
    risk 0.49cvss 7.5epss 0.01

    DomainMOD before 4.14.0 uses MD5 without a salt for password storage.

  • CVE-2024-48622MedOct 15, 2024
    risk 0.43cvss 6.6epss 0.00

    A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.

  • CVE-2019-15811MedAug 29, 2019
    risk 0.43cvss 6.1epss 0.06

    In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.

  • CVE-2018-19136MedNov 9, 2018
    risk 0.43cvss 6.1epss 0.07

    DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.

  • CVE-2018-11404MedMay 24, 2018
    risk 0.43cvss 6.1epss 0.02

    DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.

  • CVE-2018-19137MedNov 9, 2018
    risk 0.40cvss 6.1epss 0.03

    DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.

  • CVE-2018-19750MedNov 29, 2018
    risk 0.38cvss 5.4epss 0.02

    DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.

  • CVE-2018-11403MedMay 24, 2018
    risk 0.38cvss 5.4epss 0.02

    DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.

  • CVE-2020-20990MedAug 12, 2021
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.

  • CVE-2020-20988MedAug 12, 2021
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.

  • CVE-2018-20011MedDec 10, 2018
    risk 0.35cvss 4.8epss 0.04

    DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.

  • CVE-2018-20010MedDec 10, 2018
    risk 0.35cvss 4.8epss 0.04

    DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.

  • CVE-2018-20009MedDec 10, 2018
    risk 0.35cvss 4.8epss 0.04

    DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.

  • CVE-2018-19915MedDec 6, 2018
    risk 0.35cvss 4.8epss 0.04

    DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.

  • CVE-2018-11559MedMay 30, 2018
    risk 0.35cvss 5.4epss 0.01

    DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.

Page 1 of 2