CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting XSS vulnerability...

5.3CVSS6AI score0.00213EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:29 a.m.•4 views

CVE-2024-48623

In queue\index.php of DomainMOD below v4.12.0, the listid and domainid parameters in the GET request can be exploited to cause a reflected Cross Site Scripting XSS...

5.3CVSS6.4AI score0.00213EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:28 a.m.•5 views

CVE-2024-48622

A cross-site scripting XSS issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter...

6.6CVSS6AI score0.00606EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:37 p.m.•5 views

CVE-2020-35358

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access t...

9.8CVSS7AI score0.01477EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:55 p.m.•5 views

CVE-2020-20990

A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...

5.4CVSS5.8AI score0.00281EPSS

Exploits1

RedhatCVE•added 2025/05/22 9:15 a.m.•5 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS6.9AI score0.00141EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:36 a.m.•4 views

CVE-2018-11558

DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" newfirstname parameter...

5.4CVSS5.8AI score0.00206EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:4 a.m.•3 views

CVE-2018-1000856

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...

4.8CVSS5.9AI score0.0104EPSS

Exploits1References1

OSV•added 2024/10/15 4:15 p.m.•5 views

CVE-2024-48622

A cross-site scripting XSS issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter...

6.6CVSS5.9AI score

Exploits0References1

NVD•added 2024/10/15 4:15 p.m.•16 views

CVE-2024-48623

In queue\index.php of DomainMOD below v4.12.0, the listid and domainid parameters in the GET request can be exploited to cause a reflected Cross Site Scripting XSS...

5.3CVSS0.00213EPSS

Exploits1References1

OSV•added 2024/10/15 4:15 p.m.•4 views

CVE-2024-48623

In queue\index.php of DomainMOD below v4.12.0, the listid and domainid parameters in the GET request can be exploited to cause a reflected Cross Site Scripting XSS...

5.3CVSS6.3AI score

Exploits0References1

CNNVD•added 2024/10/15 12:0 a.m.•1 views

Domainmod 安全漏洞

Domainmod is a PHP and MySQL based open source application from the Domainmod community for managing centrally located domain names and other Internet assets. A security vulnerability exists in Domainmod prior to version v4.12.0, which stems from a JavaScript code injection issue contained in the...

6.6CVSS8.7AI score0.00606EPSS

Exploits1References2