CVE Tools

domainmod

Unclassifiedunknown

14

Cumulative CVEs

3

Monthly snapshots

#53

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting domainmod.

CVE-2024-48624In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.5.3Oct 15, 2024
CVE-2024-48623In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).5.3Oct 15, 2024
CVE-2024-48622A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.6.6Oct 15, 2024
CVE-2020-20990A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.5.4Aug 12, 2021
CVE-2020-20989A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.4.3Aug 12, 2021
CVE-2020-20988A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or E...5.4Aug 12, 2021
CVE-2020-35358DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser o...9.8Mar 15, 2021
CVE-2019-9080DomainMOD before 4.14.0 uses MD5 without a salt for password storage.7.5Oct 20, 2020
CVE-2020-12735reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.9.8May 8, 2020
CVE-2019-15811In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.6.1Aug 29, 2019
CVE-2019-1010096DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php...8.8Jul 18, 2019
CVE-2019-1010095DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The ...8.8Jul 18, 2019
CVE-2019-1010094domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/passwor...8.8Jul 18, 2019
CVE-2018-1000856DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Ar...4.8Dec 20, 2018
CVE-2018-20011DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.4.8Dec 10, 2018