Domainmod
by Domainmod
Source repositories
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11558 | Med | 0.35 | 5.4 | 0.01 | May 30, 2018 | DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | ||
| CVE-2024-48624 | Med | 0.34 | 5.3 | 0.00 | Oct 15, 2024 | In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. | ||
| CVE-2024-48623 | Med | 0.34 | 5.3 | 0.00 | Oct 15, 2024 | In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). | ||
| CVE-2018-19914 | Med | 0.34 | 4.8 | 0.03 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | ||
| CVE-2018-19913 | Med | 0.34 | 4.8 | 0.02 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | ||
| CVE-2018-19752 | Med | 0.34 | 4.8 | 0.03 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. | ||
| CVE-2018-19751 | Med | 0.34 | 4.8 | 0.03 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. | ||
| CVE-2018-19749 | Med | 0.34 | 4.8 | 0.03 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. | ||
| CVE-2018-1000856 | Med | 0.31 | 4.8 | 0.01 | Dec 20, 2018 | DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page.… | ||
| CVE-2018-19892 | Med | 0.31 | 4.8 | 0.02 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | ||
| CVE-2020-20989 | Med | 0.28 | 4.3 | 0.00 | Aug 12, 2021 | A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. |
- risk 0.35cvss 5.4epss 0.01
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.
- risk 0.34cvss 5.3epss 0.00
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.
- risk 0.34cvss 5.3epss 0.00
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
- risk 0.34cvss 4.8epss 0.02
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
- risk 0.31cvss 4.8epss 0.01
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page.…
- risk 0.31cvss 4.8epss 0.02
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
- risk 0.28cvss 4.3epss 0.00
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
Page 2 of 2