12 matches found
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-20009 A Stored Cross-site...
CVE-2018-20009
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20011
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field...
Default credentials
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field...
Default credentials
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field...
CVE-2018-20011
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field...
CVE-2018-20010
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field...
Default credentials
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field...
CVE-2018-19914
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field...
Default credentials
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields...
CVE-2018-19749
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field...
Default credentials
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields...