Lucene search
Damian EbeltiesEXPLOITPACK:C0BBD292F5452ED5094E7AD1A5E3154EHistoryAug 30, 2019 - 12:00 a.m.
DomainMod 4.13 - Cross-Site Scripting
2019-08-3000:00:00
Damian Ebelties
11
0.003 Low
EPSS
Percentile
67.9%
DomainMod 4.13 - Cross-Site Scripting
# Exploit Title: DomainMod <= 4.13 - Cross-Site Scripting
# Date: 30 August 2019
# Exploit Author: Damian Ebelties (https://zerodays.lol/)
# Vendor Homepage: https://domainmod.org/
# Version: <= 4.13
# Tested on: Ubuntu 18.04.1
# CVE: CVE-2019-15811
The software 'DomainMOD' is vulnerable for Cross-Site Scripting in the
file '/reporting/domains/cost-by-month.php' in the parameter 'daterange'.
As of today (30 August 2019) this issue is unfixed.
Almost all other files that use the parameter 'daterange' are vulnerable.
See: https://github.com/domainmod/domainmod/tree/master/reporting/domains
Proof-of-Concept:
https://domain.tld/reporting/domains/cost-by-month.php?daterange=%22onfocus=%22alert(1)%22autofocus=%22Related
cvelist
cvelist
CVE-2019-15811
2019-08-29 18:58:58
prion
prion
Cross site scripting
2019-08-29 19:15:00
nuclei
nuclei
DomainMOD <=4.13.0 - Cross-Site Scripting
2022-07-16 07:01:56
nvd
nvd
CVE-2019-15811
2019-08-29 19:15:13
packetstorm
packetstorm
DomainMod 4.13 Cross Site Scripting
2019-08-30 00:00:00
cve
cve
CVE-2019-15811
2019-08-29 19:15:13
zdt
zdt
DomainMod 4.13 - Cross-Site Scripting Vulnerability
2019-08-30 00:00:00
osv
osv
CVE-2019-15811
2019-08-29 19:15:13
exploitdb
exploitdb
DomainMod 4.13 - Cross-Site Scripting
2019-08-30 00:00:00
openvas
openvas
DomainMOD <= 4.13.0 Multiple Vulnerabilities
2019-09-03 00:00:00