{"zdt": [{"lastseen": "2018-12-12T08:01:42", "description": "Exploit for php platform in category web applications", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "zdt", "title": "DomainMOD 4.11.01 - Registrar Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-19752"], "modified": "2018-12-04T00:00:00", "id": "1337DAY-ID-31737", "href": "https://0day.today/exploit/description/31737", "sourceData": "# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting\r\n# Exploit Author: Mohammed Abdul Raheem\r\n# Vendor Homepage: domainmod (https://domainmod.org/)\r\n# Software Link: domainmod (https://github.com/DomainMod/DomainMod)\r\n# Version: v4.09.03 to v4.11.01\r\n# CVE : CVE-2018-19752\r\n \r\n# A Stored Cross-site scripting (XSS) was discovered in DomainMod application\r\n# versions from v4.09.03 to v4.11.01\r\n# After logging into the Domainmod application panel, browse to the /assets/add/registrar-account.php page and inject a javascript XSS payload in registrar Name, registrar url & Notes fields \r\n \r\n\"><img src=x onerror=alert(\"Xss-By-Abdul-Raheem\")>\r\n \r\n#POC : attached here https://github.com/domainmod/domainmod/issues/84\n\n# 0day.today [2018-12-12] #", "sourceHref": "https://0day.today/exploit/31737", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:12", "description": "\nDomainMOD 4.11.01 - Registrar Cross-Site Scripting", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.8, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-12-04T00:00:00", "type": "exploitpack", "title": "DomainMOD 4.11.01 - Registrar Cross-Site 
Scripting", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19752"], "modified": "2018-12-04T00:00:00", "id": "EXPLOITPACK:3C15618E20AFA44C1963FB9A16A82037", "href": "", "sourceData": "# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting\n# Date: 2018-11-22\n# Exploit Author: Mohammed Abdul Raheem\n# Vendor Homepage: domainmod (https://domainmod.org/)\n# Software Link: domainmod (https://github.com/DomainMod/DomainMod)\n# Version: v4.09.03 to v4.11.01\n# CVE : CVE-2018-19752\n\n# A Stored Cross-site scripting (XSS) was discovered in DomainMod application\n# versions from v4.09.03 to v4.11.01\n# After logging into the Domainmod application panel, browse to the /assets/add/registrar-account.php page and inject a javascript XSS payload in registrar Name, registrar url & Notes fields \n\n\"><img src=x onerror=alert(\"Xss-By-Abdul-Raheem\")>\n\n#POC : attached here https://github.com/domainmod/domainmod/issues/84", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2019-02-28T19:00:23", "description": "", "cvss3": {}, "published": "2019-02-26T00:00:00", "type": "packetstorm", "title": "DomainMOD 4.11.01 Registrar Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-19752"], "modified": "2019-02-26T00:00:00", "id": "PACKETSTORM:151867", "href": "https://packetstormsecurity.com/files/151867/DomainMOD-4.11.01-Registrar-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title : 
DomainMOD 4.11.01 and before - Registrar Cross-Site Scripting \n# Author [ Discovered By ] : Mohammed Abdul Raheem \n# Company Name : TrekShield IT Solutions \n# Date : 04-12-2019 \n# Vendor Homepage : https://domainmod.org/ \n# Software Information Link : https://github.com/DomainMod/DomainMod \n# Software Affected Versions : DomainMOD v4.09.03 to v4.11.01 \n# Tested On : Windows and Linux \n# Category : WebApps \n# Exploit Risk : Medium \n# Vulnerability Type : Cross Site Scripting - Stored Xss \n# CVE : CVE-2018-19752 \n# Exploit-db : https://www.exploit-db.com/?author=9783 \n \n#################################################################### \n \n# Description about Software : \n*************************** \nDomainMOD is an open source application used to manage domains and \nother internet assets in a central location \n \n#################################################################### \n \n# Impact : \n*********** \n \n* This attack vector can be used by an attacker to perform \n \nAccount Hijacking \n \nStealing Credentials \n \nSensitive Data Exposure etc.. 
\n \n \n# Cross Site Scripting - Stored XSS Exploit : \n*********************************************A Stored Cross-site \nscripting (XSS) was discovered in DomainMod application versions from \nv4.09.03 to v4.11.01 \n \nAfter logging into the Domainmod application panel, browse to the \n/assets/add/registrar-account.php page and inject a javascript XSS \npayload in registrar Name, registrar url & Notes fields \"><img src=x \nonerror=alert(\"Xss-By-Abdul-Raheem\")> \n# More Information Can be found here : \n*************************************https://github.com/domainmod/domainmod/issues/84 \n \n################################################################### \n \n# Discovered By Mohammed Abdul Raheem from TrekShield.com \n`\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/151867/domainmod41101reg-xss.txt"}, {"lastseen": "2018-12-06T10:32:23", "description": "", "cvss3": {}, "published": "2018-12-05T00:00:00", "type": "packetstorm", "title": "DomainMOD 4.11.01 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-19749", "CVE-2018-19752", "CVE-2018-19750", "CVE-2018-19751"], "modified": "2018-12-05T00:00:00", "id": "PACKETSTORM:150622", "href": "https://packetstormsecurity.com/files/150622/DomainMOD-4.11.01-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting \n# Date: 2018-11-22 \n# Exploit Author: Mohammed Abdul Raheem \n# Vendor Homepage: domainmod (https://domainmod.org/) \n# Software Link: domainmod (https://github.com/domainmod/domainmod) \n# Version: v4.09.03 to v4.11.01 \n# CVE : CVE-2018-19749 \n \n# A Stored Cross-site scripting (XSS) was discovered in DomainMod application \n# versions from v4.09.03 to v4.11.01 (https://github.com/domainmod/domainmod/issues/81) \n \nAfter logging into the Domainmod application panel, browse to the 
\nassets/add/account-owner.php page and inject a javascript XSS payload \nin owner name field \n \n\"><img src=x onerror=alert(\"Xss-By-Abdul-Raheem\")> \n \n#POC : attached here https://github.com/domainmod/domainmod/issues/81 \n \n# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting \n# Date: 2018-11-22 \n# Exploit Author: Mohammed Abdul Raheem \n# Vendor Homepage: domainmod (https://domainmod.org/) \n# Software Link: domainmod (https://github.com/domainmod/domainmod) \n# Version: v4.09.03 to v4.11.01 \n# CVE : CVE-2018-19750 \n \n# A Stored Cross-site scripting (XSS) was discovered in DomainMod application \n# versions from v4.09.03 to v4.11.01 (https://github.com/domainmod/domainmod/issues/82) \n# After logging into the Domainmod application panel, browse to the /admin/domain-fields page, Click Add custom field, and inject a javascript XSS payload in Display Name, Description & Notes fields \n \n\"><img src=x onerror=alert(\"Xss-By-Abdul-Raheem\")> \n \n#POC : attached here https://github.com/domainmod/domainmod/issues/82 \n \n \n \n# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting \n# Date: 2018-11-22 \n# Exploit Author: Mohammed Abdul Raheem \n# Vendor Homepage: domainmod (https://domainmod.org/) \n# Software Link: domainmod (https://github.com/DomainMod/DomainMod) \n# Version: v4.09.03 to v4.11.01 \n# CVE : CVE-2018-19751 \n \n# A Stored Cross-site scripting (XSS) was discovered in DomainMod application \n# versions from v4.09.03 to v4.11.01 (https://github.com/domainmod/domainmod/issues/83) \n# After logging into the Domainmod application panel, browse to the /admin/ssl-fields/add.php page and inject a javascript XSS payload in Display Name, Description & Notes fields \n \n\"><img src=x onerror=alert(\"Xss-By-Abdul-Raheem\")> \n \n#POC : attached here https://github.com/domainmod/domainmod/issues/83 \n \n \n# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting \n# Date: 2018-11-22 \n# Exploit Author: Mohammed Abdul Raheem \n# Vendor 
Homepage: domainmod (https://domainmod.org/) \n# Software Link: domainmod (https://github.com/DomainMod/DomainMod) \n# Version: v4.09.03 to v4.11.01 \n# CVE : CVE-2018-19752 \n \n# A Stored Cross-site scripting (XSS) was discovered in DomainMod application \n# versions from v4.09.03 to v4.11.01 \n# After logging into the Domainmod application panel, browse to the /assets/add/registrar-account.php page and inject a javascript XSS payload in registrar Name, registrar url & Notes fields \n \n\"><img src=x onerror=alert(\"Xss-By-Abdul-Raheem\")> \n \n#POC : attached here https://github.com/domainmod/domainmod/issues/84 \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150622/domainmod41101multi-xss.txt"}], "cve": [{"lastseen": "2023-02-09T14:19:54", "description": "DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-11-29T22:29:00", "type": "cve", "title": "CVE-2018-19752", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2018-19752"], "modified": "2018-12-21T14:48:00", "cpe": ["cpe:/a:domainmod:domainmod:4.11.01"], "id": "CVE-2018-19752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19752", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:domainmod:domainmod:4.11.01:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-10-09T14:28:47", "description": "DomainMOD is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-01-22T00:00:00", "type": "openvas", "title": "DomainMOD < 4.12.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19749", "CVE-2018-19913", "CVE-2018-20010", "CVE-2018-19752", "CVE-2018-19136", "CVE-2018-19914", "CVE-2018-20011", "CVE-2018-19750", "CVE-2019-1010096", "CVE-2018-19892", "CVE-2018-19137", "CVE-2018-20009", "CVE-2018-11558", "CVE-2018-19751", "CVE-2019-1010095", "CVE-2018-19915", "CVE-2019-1010094", "CVE-2018-11559"], "modified": "2019-10-07T00:00:00", "id": "OPENVAS:1361412562310113327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113327", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113327\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-22 15:55:07 +0200 (Tue, 22 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-11558\", \"CVE-2018-11559\", \"CVE-2018-19136\", \"CVE-2018-19137\", \"CVE-2018-19749\", \"CVE-2018-19750\",\n \"CVE-2018-19751\", \"CVE-2018-19752\", \"CVE-2018-19892\", \"CVE-2018-19913\", \"CVE-2018-19914\",\n \"CVE-2018-19915\", \"CVE-2018-20009\", \"CVE-2018-20010\", \"CVE-2018-20011\", \"CVE-2019-1010094\",\n \"CVE-2019-1010095\", \"CVE-2019-1010096\");\n\n script_name(\"DomainMOD < 4.12.0 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_domainmod_http_detect.nasl\");\n script_mandatory_keys(\"domainmod/detected\");\n\n script_tag(name:\"summary\", value:\"DomainMOD is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Stored XSS in the '/settings/profile/index.php' new_first_name parameter\n\n - Stored XSS in the '/settings/profile/index.php' new_last_name parameter\n\n - XSS 
via the admin/dw/add-server.php DisplayName, HostName, or UserName field\n\n - XSS via the assets/add/account-owner.php Owner name field\n\n - XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields\n\n - XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields\n\n - XSS via the assets/add/registrar.php notes field for the Registrar\n\n - XSS via the assets/edit/registrar-account.php raid parameter\n\n - XSS via the assets/edit/ip-address.php ipid parameter\n\n - XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field\n\n - XSS via the assets/add/ssl-provider-account.php username field\n\n - XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field\n\n - XSS via the assets/add/dns.php Profile Name or notes field\n\n - XSS via the assets/edit/host.php Web Host Name or Web Host URL field\n\n - CSRF in /settings/password that allows an attacker to change the admin password\n\n - CSRF in /admin/users/add.php allows an attacker to add an administrator account\n\n - CSRF in /admin/users/edit.php?uid=2 allows an attacker to change the read-only user to admin\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to craft a malicious\n link containing arbitrary JavaScript or HTML or perform actions in the context of another user.\");\n script_tag(name:\"affected\", value:\"DomainMOD prior to version 4.12.0.\");\n script_tag(name:\"solution\", value:\"Update to DomainMOD version 4.12.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/65\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/66\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/81\");\n script_xref(name:\"URL\", 
value:\"https://github.com/domainmod/domainmod/issues/82\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/83\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/84\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/86\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/87\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/88\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79#issuecomment-460035220\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:domainmod:domainmod\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! version = get_app_version( cpe: CPE, port: port ) ) exit( 0 );\n\nif( version_is_less( version: version, test_version: \"4.12.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.12.0\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}