Filtered by vendor Domainmod Subscriptions
Filtered by product Domainmod Subscriptions

Search

Switch to Advanced Search (Beta)
Total 31 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-19752 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
CVE-2018-19751 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
CVE-2018-19750 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
CVE-2018-19749 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
CVE-2018-19137 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
CVE-2018-19136 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
CVE-2018-11559 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.
CVE-2018-11558 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.
CVE-2018-11404 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
CVE-2018-11403 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
CVE-2018-1000856 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.