{"id": "OPENVAS:1361412562310113329", "type": "openvas", "bulletinFamily": "scanner", "title": "DomainMOD < 4.12.0 Multiple XSS Vulnerabilities", "description": "DomainMOD is prone to multiple Cross-Site Scripting (XSS) Vulnerabilities.", "published": "2019-01-23T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113329", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["https://github.com/domainmod/domainmod/issues/66#issuecomment-460099901", "https://github.com/domainmod/domainmod/issues/66"], "cvelist": ["CVE-2018-11558", "CVE-2018-11559"], "lastseen": "2020-04-07T16:39:37", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-11558", "CVE-2018-11559"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113327"]}], "rev": 4}, "score": {"value": 4.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-11558", "CVE-2018-11559"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113327"]}]}, "exploitation": null, "vulnersScore": 4.6}, "pluginID": "1361412562310113329", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113329\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-23 14:38:54 +0200 (Wed, 23 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-11558\", \"CVE-2018-11559\");\n\n script_name(\"DomainMOD < 4.12.0 Multiple XSS Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n\n script_tag(name:\"summary\", value:\"DomainMOD is prone to multiple Cross-Site Scripting (XSS) Vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Stored XSS in the '/settings/profile/index.php' new_first_name parameter\n\n - Stored XSS in the '/settings/profile/index.php' new_last_name parameter\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an authenticated attacker to inject\n arbitrary JavaScript and HTML into the page.\");\n\n script_tag(name:\"affected\", value:\"DomainMOD prior to version 4.12.0.\");\n script_tag(name:\"solution\", value:\"Update to DomainMOD version 4.12.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/66\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/66#issuecomment-460099901\");\n\n script_tag(name:\"deprecated\", value:TRUE);\n\n exit(0);\n}\n\n#nb: Consolidated in scripts/2019/domainmod/gb_domainmod_mult_vuln_jan19.nasl\nexit(66);\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645620616}}

{"cve": [{"lastseen": "2022-03-23T12:22:26", "description": "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_last_name parameter.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-05-30T04:29:00", "type": "cve", "title": "CVE-2018-11559", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11559"], "modified": "2018-11-29T12:19:00", "cpe": ["cpe:/a:domainmod:domainmod:4.10.0"], "id": "CVE-2018-11559", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11559", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:domainmod:domainmod:4.10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:22:24", "description": "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_first_name parameter.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-05-30T04:29:00", "type": "cve", "title": "CVE-2018-11558", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11558"], "modified": "2018-11-29T12:19:00", "cpe": ["cpe:/a:domainmod:domainmod:4.10.0"], "id": "CVE-2018-11558", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11558", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:domainmod:domainmod:4.10.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-10-09T14:28:47", "description": "DomainMOD is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-01-22T00:00:00", "type": "openvas", "title": "DomainMOD < 4.12.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19749", "CVE-2018-19913", "CVE-2018-20010", "CVE-2018-19752", "CVE-2018-19136", "CVE-2018-19914", "CVE-2018-20011", "CVE-2018-19750", "CVE-2019-1010096", "CVE-2018-19892", "CVE-2018-19137", "CVE-2018-20009", "CVE-2018-11558", "CVE-2018-19751", "CVE-2019-1010095", "CVE-2018-19915", "CVE-2019-1010094", "CVE-2018-11559"], "modified": "2019-10-07T00:00:00", "id": "OPENVAS:1361412562310113327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113327", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113327\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-22 15:55:07 +0200 (Tue, 22 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-11558\", \"CVE-2018-11559\", \"CVE-2018-19136\", \"CVE-2018-19137\", \"CVE-2018-19749\", \"CVE-2018-19750\",\n \"CVE-2018-19751\", \"CVE-2018-19752\", \"CVE-2018-19892\", \"CVE-2018-19913\", \"CVE-2018-19914\",\n \"CVE-2018-19915\", \"CVE-2018-20009\", \"CVE-2018-20010\", \"CVE-2018-20011\", \"CVE-2019-1010094\",\n \"CVE-2019-1010095\", \"CVE-2019-1010096\");\n\n script_name(\"DomainMOD < 4.12.0 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_domainmod_http_detect.nasl\");\n script_mandatory_keys(\"domainmod/detected\");\n\n script_tag(name:\"summary\", value:\"DomainMOD is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Stored XSS in the '/settings/profile/index.php' new_first_name parameter\n\n - Stored XSS in the '/settings/profile/index.php' new_last_name parameter\n\n - XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field\n\n - XSS via the assets/add/account-owner.php Owner name field\n\n - XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields\n\n - XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields\n\n - XSS via the assets/add/registrar.php notes field for the Registrar\n\n - XSS via the assets/edit/registrar-account.php raid parameter\n\n - XSS via the assets/edit/ip-address.php ipid parameter\n\n - XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field\n\n - XSS via the assets/add/ssl-provider-account.php username field\n\n - XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field\n\n - XSS via the assets/add/dns.php Profile Name or notes field\n\n - XSS via the assets/edit/host.php Web Host Name or Web Host URL field\n\n - CSRF in /settings/password that allows an attacker to change the admin password\n\n - CSRF in /admin/users/add.php allows an attacker to add an administrator account\n\n - CSRF in /admin/users/edit.php?uid=2 allows an attacker to change the read-only user to admin\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to craft a malicious\n link containing arbitrary JavaScript or HTML or perform actions in the context of another user.\");\n script_tag(name:\"affected\", value:\"DomainMOD prior to version 4.12.0.\");\n script_tag(name:\"solution\", value:\"Update to DomainMOD version 4.12.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/65\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/66\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/81\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/82\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/83\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/84\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/86\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/87\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/88\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79#issuecomment-460035220\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:domainmod:domainmod\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! version = get_app_version( cpe: CPE, port: port ) ) exit( 0 );\n\nif( version_is_less( version: version, test_version: \"4.12.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.12.0\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}