CVE-2018-11559
DomainMod 4.10.0 is affected by a Stored XSS in the profile settings endpoint (/settings/profile/index.php) via the new_last_name parameter. Root cause: persistent injection in the user profile handling leading to script execution when viewed. Impact is limited to what the XSS allows per the sour...