packetstorm | Mohammed Abdul Raheem | PACKETSTORM:151868
Feb 26, 2019 - 12:00 a.m.

DomainMOD 4.11.01 Custom SSL Fields Cross Site Scripting

packetstormsecurity.com

EPSS: 0.001 (Low)

Percentile: 39.8%

`# Exploit Title : DomainMOD 4.11.01 and before - Custom SSL Fields Cross-Site Scripting  
# Author [ Discovered By ] : Mohammed Abdul Raheem  
# Company Name : TrekShield IT Solutions  
# Date : 04-12-2019  
# Vendor Homepage : https://domainmod.org/  
# Software Information Link : https://github.com/DomainMod/DomainMod  
# Software Affected Versions : DomainMOD v4.09.03 to v4.11.01  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Vulnerability Type : Cross Site Scripting - Stored XSS  
# CVE : CVE-2018-19751  
# Exploit-db : https://www.exploit-db.com/?author=9783  
  
####################################################################  
  
# Description about Software :  
***************************  
DomainMOD is an open source application used to manage domains and  
other internet assets in a central location  
  
####################################################################  
  
# Impact :  
***********  
  
* This attack vector can be used by an attacker to perform:  
  - Account Hijacking  
  - Stealing Credentials  
  - Sensitive Data Exposure etc.  
  
  
# Cross Site Scripting - Stored XSS Exploit :  
*********************************************  
A stored cross-site scripting (XSS) vulnerability was discovered in DomainMOD application versions from v4.09.03 to v4.11.01.  
  
After logging into the DomainMOD application panel, browse to the /admin/ssl-fields/add.php page and inject a JavaScript XSS payload in the Display Name, Description & Notes fields:  
  
"><img src=x onerror=alert("Xss-By-Abdul-Raheem")>  
  
# More Information Can Be Found Here :  
*************************************  
https://github.com/domainmod/domainmod/issues/83  
  
###################################################################  
  
# Discovered By Mohammed Abdul Raheem from TrekShield.com  
`
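
The payload in the advisory starts with `">`, which closes an HTML attribute value and its tag before opening a new element. The following is an added example, not DomainMOD code and not the advisory author's: it contrasts unencoded output with output encoded for the attribute context and checks the result by parsing it. The form markup, function names and field keys are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not DomainMOD source. Function names, field keys and
// the form markup are hypothetical; the payload is the one quoted in the advisory.

// Vulnerable pattern: a stored value is concatenated into an attribute as-is.
function render_field_unsafe(string $name, string $stored): string
{
    return '<input type="text" name="' . $name . '" value="' . $stored . '">';
}

// Hardened pattern: encode at output time for the HTML attribute context.
// ENT_QUOTES encodes both quote characters, so the value cannot close the attribute.
function render_field_safe(string $name, string $stored): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($stored) . '">';
}

// Regression check: parse the markup and count elements the template never intended.
function unexpected_elements(string $html): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // stray markup makes libxml emit warnings
    $doc->loadHTML('<body>' . $html . '</body>');
    libxml_clear_errors();
    $count = 0;
    foreach ($doc->getElementsByTagName('*') as $el) {
        if (!in_array($el->nodeName, ['html', 'body', 'input'], true)) {
            $count++;
        }
    }
    return $count;
}

$payload = '"><img src=x onerror=alert("Xss-By-Abdul-Raheem")>';
foreach (['display_name', 'description', 'notes'] as $field) {
    printf("%-12s unsafe=%d safe=%d\n", $field,
        unexpected_elements(render_field_unsafe($field, $payload)),
        unexpected_elements(render_field_safe($field, $payload)));
}
```

A nonzero count from the unsafe renderer means the stored value produced an element of its own; the encoded renderer keeps the whole payload inside the `value` attribute.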
