VYPR

Domainmod

by Domainmod

Source repositories

CVEs (31)

  • CVE-2018-11558MedMay 30, 2018
    risk 0.35cvss 5.4epss 0.01

    DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.

  • CVE-2024-48624MedOct 15, 2024
    risk 0.34cvss 5.3epss 0.00

    In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.

  • CVE-2024-48623MedOct 15, 2024
    risk 0.34cvss 5.3epss 0.00

    In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).

  • CVE-2018-19914MedDec 6, 2018
    risk 0.34cvss 4.8epss 0.03

    DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.

  • CVE-2018-19913MedDec 6, 2018
    risk 0.34cvss 4.8epss 0.02

    DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.

  • CVE-2018-19752MedNov 29, 2018
    risk 0.34cvss 4.8epss 0.03

    DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.

  • CVE-2018-19751MedNov 29, 2018
    risk 0.34cvss 4.8epss 0.03

    DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.

  • CVE-2018-19749MedNov 29, 2018
    risk 0.34cvss 4.8epss 0.03

    DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.

  • CVE-2018-1000856MedDec 20, 2018
    risk 0.31cvss 4.8epss 0.01

    DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page.…

  • CVE-2018-19892MedDec 6, 2018
    risk 0.31cvss 4.8epss 0.02

    DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.

  • CVE-2020-20989MedAug 12, 2021
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.

Page 2 of 2