Vendor CVEs
Domainmod
All CVEs
31 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-35358 | Cri | 0.64 | 9.8 | 0.02 | Mar 15, 2021 | DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers… | ||
| CVE-2020-12735 | Cri | 0.64 | 9.8 | 0.02 | May 8, 2020 | reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. | ||
| CVE-2019-1010096 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2019 | DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html… | ||
| CVE-2019-1010095 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2019 | DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page. | ||
| CVE-2019-1010094 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2019 | domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2… | ||
| CVE-2019-9080 | Hig | 0.49 | 7.5 | 0.01 | Oct 20, 2020 | DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | ||
| CVE-2024-48622 | Med | 0.43 | 6.6 | 0.00 | Oct 15, 2024 | A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. | ||
| CVE-2019-15811 | Med | 0.43 | 6.1 | 0.06 | Aug 29, 2019 | In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | ||
| CVE-2018-19136 | Med | 0.43 | 6.1 | 0.07 | Nov 9, 2018 | DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | ||
| CVE-2018-11404 | Med | 0.43 | 6.1 | 0.02 | May 24, 2018 | DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. | ||
| CVE-2018-19137 | Med | 0.40 | 6.1 | 0.03 | Nov 9, 2018 | DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | ||
| CVE-2018-19750 | Med | 0.38 | 5.4 | 0.02 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. | ||
| CVE-2018-11403 | Med | 0.38 | 5.4 | 0.02 | May 24, 2018 | DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. | ||
| CVE-2020-20990 | Med | 0.35 | 5.4 | 0.01 | Aug 12, 2021 | A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. | ||
| CVE-2020-20988 | Med | 0.35 | 5.4 | 0.01 | Aug 12, 2021 | A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter. | ||
| CVE-2018-20011 | Med | 0.35 | 4.8 | 0.04 | Dec 10, 2018 | DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | ||
| CVE-2018-20010 | Med | 0.35 | 4.8 | 0.04 | Dec 10, 2018 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | ||
| CVE-2018-20009 | Med | 0.35 | 4.8 | 0.04 | Dec 10, 2018 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. | ||
| CVE-2018-19915 | Med | 0.35 | 4.8 | 0.04 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | ||
| CVE-2018-11559 | Med | 0.35 | 5.4 | 0.01 | May 30, 2018 | DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | ||
| CVE-2018-11558 | Med | 0.35 | 5.4 | 0.01 | May 30, 2018 | DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | ||
| CVE-2024-48624 | Med | 0.34 | 5.3 | 0.00 | Oct 15, 2024 | In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. | ||
| CVE-2024-48623 | Med | 0.34 | 5.3 | 0.00 | Oct 15, 2024 | In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). | ||
| CVE-2018-19914 | Med | 0.34 | 4.8 | 0.03 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | ||
| CVE-2018-19913 | Med | 0.34 | 4.8 | 0.02 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | ||
| CVE-2018-19752 | Med | 0.34 | 4.8 | 0.03 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. | ||
| CVE-2018-19751 | Med | 0.34 | 4.8 | 0.03 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. | ||
| CVE-2018-19749 | Med | 0.34 | 4.8 | 0.03 | Nov 29, 2018 | DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. | ||
| CVE-2018-1000856 | Med | 0.31 | 4.8 | 0.01 | Dec 20, 2018 | DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page.… | ||
| CVE-2018-19892 | Med | 0.31 | 4.8 | 0.02 | Dec 6, 2018 | DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | ||
| CVE-2020-20989 | Med | 0.28 | 4.3 | 0.00 | Aug 12, 2021 | A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. |
- risk 0.64cvss 9.8epss 0.02
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers…
- risk 0.64cvss 9.8epss 0.02
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
- risk 0.57cvss 8.8epss 0.01
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html…
- risk 0.57cvss 8.8epss 0.01
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.
- risk 0.57cvss 8.8epss 0.01
domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2…
- risk 0.49cvss 7.5epss 0.01
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
- risk 0.43cvss 6.6epss 0.00
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.
- risk 0.43cvss 6.1epss 0.06
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
- risk 0.43cvss 6.1epss 0.07
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
- risk 0.43cvss 6.1epss 0.02
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
- risk 0.40cvss 6.1epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
- risk 0.38cvss 5.4epss 0.02
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
- risk 0.38cvss 5.4epss 0.02
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
- risk 0.35cvss 5.4epss 0.01
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
- risk 0.35cvss 5.4epss 0.01
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
- risk 0.35cvss 4.8epss 0.04
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
- risk 0.35cvss 4.8epss 0.04
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
- risk 0.35cvss 4.8epss 0.04
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
- risk 0.35cvss 4.8epss 0.04
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
- risk 0.35cvss 5.4epss 0.01
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.
- risk 0.35cvss 5.4epss 0.01
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.
- risk 0.34cvss 5.3epss 0.00
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.
- risk 0.34cvss 5.3epss 0.00
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
- risk 0.34cvss 4.8epss 0.02
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
- risk 0.34cvss 4.8epss 0.03
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
- risk 0.31cvss 4.8epss 0.01
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page.…
- risk 0.31cvss 4.8epss 0.02
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
- risk 0.28cvss 4.3epss 0.00
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.