Lucene search
K

304 matches found

0day.today
0day.today
added 2019/08/30 12:0 a.m.45 views

DomainMod 4.13 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: DomainMod = 4.13 - Cross-Site Scripting Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://domainmod.org/ Version: = 4.13 Tested on: Ubuntu 18.04.1 CVE: CVE-2019-15811 The software 'DomainMOD' is...

4.3CVSS6.7AI score0.06395EPSS
Exploits5
NVD
NVD
added 2019/08/29 7:15 p.m.33 views

CVE-2019-15811

In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...

6.1CVSS6.3AI score0.06395EPSS
Exploits5References3
OSV
OSV
added 2019/08/29 7:15 p.m.18 views

CVE-2019-15811

In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...

6.1CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2019/08/29 7:15 p.m.21 views

Cross site scripting

In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...

4.3CVSS6.2AI score0.06395EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2019/08/29 6:58 p.m.32 views

CVE-2019-15811

In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...

6.5AI score0.06395EPSS
Exploits5References3
CVE
CVE
added 2019/08/29 6:58 p.m.87 views

CVE-2019-15811

DomainMOD = 4.13.1 (as documented in the nuclei template). The CVSS3 vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (score 6.1).

6.1CVSS6.3AI score0.06395EPSS
Exploits5References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/29 12:0 a.m.3 views

PT-2019-14402 · Domainmod · Domainmod

Name of the Vulnerable Software and Affected Versions: DomainMOD versions prior to 4.14 Description: The issue concerns a security problem where the daterange parameter in the reporting/domains/cost-by-month.php file is vulnerable to XSS attacks. Recommendations: For DomainMOD versions prior to...

6.1CVSS5.9AI score0.06395EPSS
Exploits5References6
CNVD
CNVD
added 2019/07/22 12:0 a.m.1 views

DomainMod Cross-Site Request Forgery Vulnerability (CNVD-2019-32049)

DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. DomainMod suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to add an administrator account...

8.8CVSS6.8AI score0.0065EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/22 12:0 a.m.1 views

DomainMod Cross-Site Request Forgery Vulnerability

DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. DomainMod suffers from a cross-site request forgery vulnerability. An attacker could exploit the vulnerability to change a read-only user to an administrator...

8.8CVSS6.8AI score0.0065EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/22 12:0 a.m.2 views

DomainMod Cross-Site Request Forgery Vulnerability (CNVD-2019-32048)

DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. DomainMod suffers from a cross-site request forgery vulnerability. An attacker could exploit this vulnerability to change the administrator password...

8.8CVSS6.8AI score0.0065EPSS
Exploits1References1
NVD
NVD
added 2019/07/18 1:15 p.m.24 views

CVE-2019-1010095

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS8.8AI score0.0065EPSS
Exploits1References1
NVD
NVD
added 2019/07/18 1:15 p.m.13 views

CVE-2019-1010094

domainmod v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector...

8.8CVSS8.8AI score0.0065EPSS
Exploits1References1
NVD
NVD
added 2019/07/18 1:15 p.m.68 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS8.7AI score0.0065EPSS
Exploits1References1
OSV
OSV
added 2019/07/18 1:15 p.m.15 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2019/07/18 1:15 p.m.21 views

CVE-2019-1010095

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2019/07/18 1:15 p.m.11 views

CVE-2019-1010094

domainmod v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector...

8.8CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2019/07/18 1:15 p.m.15 views

Cross site request forgery (csrf)

domainmod v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector...

6.8CVSS8.7AI score0.0065EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/07/18 1:15 p.m.18 views

Cross site request forgery (csrf)

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

6.8CVSS8.6AI score0.0065EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/18 12:37 p.m.24 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

8.8AI score0.0065EPSS
Exploits1References1
CVE
CVE
added 2019/07/18 12:37 p.m.55 views

CVE-2019-1010096

DomainMOD v4.10.0 contains a Cross Site Request Forgery (CSRF) vulnerability that can elevate a user’s privilege from read-only to administrator. The vulnerability is triggered via the admin/users/edit.php?uid=2 component after an administrator logs in and visits a crafted HTML page, enabling an ...

8.8CVSS8.7AI score0.0065EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder