304 matches found
DomainMod 4.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMod = 4.13 - Cross-Site Scripting Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://domainmod.org/ Version: = 4.13 Tested on: Ubuntu 18.04.1 CVE: CVE-2019-15811 The software 'DomainMOD' is...
CVE-2019-15811
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...
CVE-2019-15811
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...
Cross site scripting
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...
CVE-2019-15811
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...
CVE-2019-15811
DomainMOD = 4.13.1 (as documented in the nuclei template). The CVSS3 vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (score 6.1).
PT-2019-14402 · Domainmod · Domainmod
Name of the Vulnerable Software and Affected Versions: DomainMOD versions prior to 4.14 Description: The issue concerns a security problem where the daterange parameter in the reporting/domains/cost-by-month.php file is vulnerable to XSS attacks. Recommendations: For DomainMOD versions prior to...
DomainMod Cross-Site Request Forgery Vulnerability (CNVD-2019-32049)
DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. DomainMod suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to add an administrator account...
DomainMod Cross-Site Request Forgery Vulnerability
DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. DomainMod suffers from a cross-site request forgery vulnerability. An attacker could exploit the vulnerability to change a read-only user to an administrator...
DomainMod Cross-Site Request Forgery Vulnerability (CNVD-2019-32048)
DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. DomainMod suffers from a cross-site request forgery vulnerability. An attacker could exploit this vulnerability to change the administrator password...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010094
domainmod v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector...
CVE-2019-1010096
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010096
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010094
domainmod v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector...
Cross site request forgery (csrf)
domainmod v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector...
Cross site request forgery (csrf)
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010096
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010096
DomainMOD v4.10.0 contains a Cross Site Request Forgery (CSRF) vulnerability that can elevate a user’s privilege from read-only to administrator. The vulnerability is triggered via the admin/users/edit.php?uid=2 component after an administrator logs in and visits a crafted HTML page, enabling an ...