domainmod vulnerabilities and exploits

3.5
CVSSv2
CVE-2018-11403

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter....

Domainmod
4.3
CVSSv2
CVE-2018-11404

DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter....

Domainmod
3.5
CVSSv2
CVE-2018-11559

DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter....

Domainmod
3.5
CVSSv2
CVE-2018-11558

DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter....

Domainmod
3.5
CVSSv2
CVE-2018-19892

DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field....

3.5
CVSSv2
CVE-2018-19750

DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields....

6.8
CVSSv2
CVE-2019-1010094

domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: 127.0.0.1/settings/password/ 127.0.0.1/admin/users/add.php 127.0.0.1/admin/users/edit.php?uid=2. The attack vector...

6.8
CVSSv2
CVE-2019-1010095

domainmod(domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: 127.0.0.1/admin/users/add.php. The attack vector is: After the administrator...

4.3
CVSSv2
CVE-2018-19136

DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter....

Domainmod
4.3
CVSSv2
CVE-2018-19137

DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter....