DomainMOD 4.11.01 ssl-provider-name Cross Site Scripting

`# Exploit Title : DomainMOD 4.11.01 and before - 'ssl-provider-name'  
Cross-Site Scripting  
# Author [ Discovered By ] : Mohammed Abdul Raheem  
# Company Name : TrekShield IT Solutions  
# Date : 14-02-2019  
# Vendor Homepage : https://domainmod.org/  
# Software Information Link : https://github.com/DomainMod/DomainMod  
# Software Affected Versions : DomainMOD v4.09.03 to v4.11.01  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Vulnerability Type : Cross Site Scripting - Stored Xss  
# CVE : CVE-2018-20009  
# Exploit-db : https://www.exploit-db.com/?author=9783  
  
####################################################################  
  
# Description about Software :  
***************************  
DomainMOD is an open source application used to manage domains and  
other internet assets in a central location  
  
####################################################################  
  
# Impact :  
***********  
  
* This attack vector can be used by an attacker to perform  
  
Account Hijacking  
  
Stealing Credentials  
  
Sensitive Data Exposure etc..  
  
  
# Cross Site Scripting - Stored XSS Exploit :  
*********************************************After logging into the  
Domainmod application panel, browse to the  
/assets/add/ssl-provider.php page and inject a javascript XSS payload  
in ssl-provider-name, ssl-provider's-url "><img src=x  
onerror=alert("Xss-By-Abdul-Raheem")>  
# More Information Can be find here :  
*************************************https://github.com/domainmod/domainmod/issues/88  
  
###################################################################  
  
# Discovered By Mohammed Abdul Raheem from TrekShield.com  
`