CVE-2018-19136

DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting through assets/edit/registrar-account.php?raid=… due to insufficient input sanitization of the raid parameter. This can allow an attacker to execute arbitrary JavaScript in a victim’s browser, potentially enabling session hijacking...