Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20010 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | |||||
CVE-2018-19752 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. | |||||
CVE-2018-1000856 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet. | |||||
CVE-2018-19915 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | |||||
CVE-2018-11558 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | |||||
CVE-2018-11559 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | |||||
CVE-2018-11403 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. | |||||
CVE-2018-11404 | 1 Domainmod | 1 Domainmod | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. |