Show filters
28 Total Results
Displaying 1-10 of 28
Sort by:
Attacker Value
Unknown

CVE-2020-20989

Disclosure Date: August 12, 2021 (last updated February 23, 2025)
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-20990

Disclosure Date: August 12, 2021 (last updated February 23, 2025)
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-20988

Disclosure Date: August 12, 2021 (last updated February 23, 2025)
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-35358

Disclosure Date: March 15, 2021 (last updated February 22, 2025)
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-9080

Disclosure Date: October 20, 2020 (last updated February 22, 2025)
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-12735

Disclosure Date: May 08, 2020 (last updated February 21, 2025)
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-15811

Disclosure Date: August 29, 2019 (last updated February 15, 2024)
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
0
0
Attacker Value
Unknown

CVE-2019-1010094

Disclosure Date: July 18, 2019 (last updated November 27, 2024)
domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
0
0
Attacker Value
Unknown

CVE-2019-1010095

Disclosure Date: July 18, 2019 (last updated November 27, 2024)
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.
0
0
Attacker Value
Unknown

CVE-2019-1010096

Disclosure Date: July 18, 2019 (last updated November 27, 2024)
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
0
0
View More Topics  Next >