Domainmod
Products
1- 31 CVEs
Recent CVEs
31| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-35358 | Cri | 0.64 | 9.8 | 0.02 | Mar 15, 2021 | DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers… | ||
| CVE-2020-12735 | Cri | 0.64 | 9.8 | 0.02 | May 8, 2020 | reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. | ||
| CVE-2019-1010096 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2019 | DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html… | ||
| CVE-2019-1010095 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2019 | DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page. | ||
| CVE-2019-1010094 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2019 | domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2… | ||
| CVE-2019-9080 | Hig | 0.49 | 7.5 | 0.01 | Oct 20, 2020 | DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | ||
| CVE-2024-48622 | Med | 0.43 | 6.6 | 0.00 | Oct 15, 2024 | A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. | ||
| CVE-2019-15811 | Med | 0.43 | 6.1 | 0.06 | Aug 29, 2019 | In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | ||
| CVE-2018-19136 | Med | 0.43 | 6.1 | 0.07 | Nov 9, 2018 | DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | ||
| CVE-2018-11404 | Med | 0.43 | 6.1 | 0.02 | May 24, 2018 | DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. | ||
| CVE-2018-19137 | Med | 0.40 | 6.1 | 0.03 | Nov 9, 2018 | DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | ||
| CVE-2018-19750 | Med | 0.38 | 5.4 | 0.02 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. | ||
| CVE-2018-11403 | Med | 0.38 | 5.4 | 0.02 | May 24, 2018 | DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. | ||
| CVE-2020-20990 | Med | 0.35 | 5.4 | 0.01 | Aug 12, 2021 | A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. | ||
| CVE-2020-20988 | Med | 0.35 | 5.4 | 0.01 | Aug 12, 2021 | A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter. | ||
| CVE-2018-20011 | Med | 0.35 | 4.8 | 0.04 | Dec 10, 2018 | DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | ||
| CVE-2018-20010 | Med | 0.35 | 4.8 | 0.04 | Dec 10, 2018 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | ||
| CVE-2018-20009 | Med | 0.35 | 4.8 | 0.04 | Dec 10, 2018 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. | ||
| CVE-2018-19915 | Med | 0.35 | 4.8 | 0.04 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | ||
| CVE-2018-11559 | Med | 0.35 | 5.4 | 0.01 | May 30, 2018 | DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. |
- risk 0.64cvss 9.8epss 0.02
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers…
- risk 0.64cvss 9.8epss 0.02
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
- risk 0.57cvss 8.8epss 0.01
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html…
- risk 0.57cvss 8.8epss 0.01
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.
- risk 0.57cvss 8.8epss 0.01
domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2…
- risk 0.49cvss 7.5epss 0.01
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
- risk 0.43cvss 6.6epss 0.00
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.
- risk 0.43cvss 6.1epss 0.06
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
- risk 0.43cvss 6.1epss 0.07
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
- risk 0.43cvss 6.1epss 0.02
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
- risk 0.40cvss 6.1epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
- risk 0.38cvss 5.4epss 0.02
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
- risk 0.38cvss 5.4epss 0.02
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
- risk 0.35cvss 5.4epss 0.01
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
- risk 0.35cvss 5.4epss 0.01
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
- risk 0.35cvss 4.8epss 0.04
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
- risk 0.35cvss 4.8epss 0.04
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
- risk 0.35cvss 4.8epss 0.04
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
- risk 0.35cvss 4.8epss 0.04
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
- risk 0.35cvss 5.4epss 0.01
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.