Domainmod: >> Domainmod >> 0.25.0 Security Vulnerabilities
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.
CVSS Score
6.6
EPSS Score
0.004
Published
2024-10-15
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).
CVSS Score
5.3
EPSS Score
0.002
Published
2024-10-15
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-10-15
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-10-20
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-08-29
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
CVSS Score
4.8
EPSS Score
0.014
Published
2018-12-06
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-29
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
CVSS Score
6.1
EPSS Score
0.029
Published
2018-11-09
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
CVSS Score
6.1
EPSS Score
0.041
Published
2018-11-09