Lucene search

[email protected]CVE-2018-1000856

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2018-1000856

2022-10-0316:21:59

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-1000856

domainmod

cross site scripting

xss

vulnerability

security

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.

Affected configurations

NVD

Node

domainmoddomainmodRange4.09.03–4.11.01

CPENameOperatorVersion
domainmod:domainmoddomainmodle4.11.01

CPE	Name	Operator	Version
domainmod:domainmod	domainmod	le	4.11.01

References

github.com/domainmod/domainmod/issues/80

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for CVE-2018-1000856

nvd1 prion1 osv1 nuclei1 cvelist1