304 matches found
CVE-2020-20989
A cross-site request forgery CSRF in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs...
CVE-2020-20989
A cross-site request forgery CSRF in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs...
CVE-2020-20988
A cross site scripting XSS vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter...
CVE-2020-20990
A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...
CVE-2020-20990
A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...
CVE-2020-20988
A cross site scripting XSS vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter...
Cross site scripting
A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...
Cross site scripting
A cross site scripting XSS vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter...
CVE-2020-20990
A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...
CVE-2020-20990
CVE-2020-20990 is a cross-site scripting (XSS) vulnerability in Domainmod 4.13 that affects the /segments/edit.php Segment Name parameter. The underlying issue is lack of proper validation of user-supplied data, allowing attackers to inject arbitrary web scripts or HTML. The affected component is...
CVE-2020-20989
A cross-site request forgery CSRF in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs...
CVE-2020-20989
Domainmod 4.13 is affected by a CSRF in /admin/maintenance/ that, per multiple sources (NVD, Red Hat, CNVD, OSV, CNVD), allows an attacker to arbitrarily delete logs. The root cause is insufficient verification that requests originate from a trusted user. There is no published remediation detail ...
CVE-2020-20988
A cross site scripting XSS vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter...
CVE-2020-20988
DomainMOD 4.13.0 is vulnerable to Cross-Site Scripting through the reporting/domains/cost-by-owner.php endpoint, with the flaw in the "or Expiring Between" parameter. The issue allows an attacker to cause the browser to execute arbitrary JavaScript in the victim’s session (context: DomainMOD 4.13...
Domainmod 跨站请求伪造漏洞
Domainmod is a PHP and MySQL based open source application from the Domainmod community for managing centrally located domain names and other Internet assets. Domainmod suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a...
Domainmod 跨站脚本漏洞
Domainmod is a PHP and MySQL-based open source application from the Domainmod community for managing centrally located domain names and other Internet assets. script or HTML via the payload designed in the "or Expiring Between" parameter...
Domainmod 跨站脚本漏洞
A cross-site scripting vulnerability exists in Domainmod, a PHP and MySQL-based open source application for managing domain names and other Internet assets in a central location from the Domainmod community, which stems from the lack of proper validation of client-side data by the web application...
DomainMOD < 4.18.0 Session Expiration Vulnerability
DomainMOD is prone to a session expiration vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:domainmod:domainmod"; i...
CVE-2020-35358
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access t...
CVE-2020-35358
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access t...