Domainmod: >> Domainmod >> 4.13.0 Security Vulnerabilities
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
CVSS Score
5.4
EPSS Score
0.023
Published
2021-08-12
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-08-12
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-12
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-10-20
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-05-08
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-08-29