CVE-2018-1000847
CVE-2018-1000847 concerns FreshDNS prior to version 1.0.5, where an XSS flaw exists in the account data form within the Zone editor. An attacker can inject JavaScript by storing a crafted string as the Full Name in their account, which could execute in the victim’s (administrator) session when th...