CVE-2018-1000856

nvd nist nuclei

Published: Dec 20, 2018Modified: Nov 21, 2024

4.8

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.

Affected (1)

Products: Domainmod: Domainmod

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Domainmod Domainmod	From 4.09.03 to 4.11.01

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/domainmod/domainmod/issues/80

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/domainmod/domainmod/issues/80

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.