Freshdns Project

freshdns_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Freshdns

freshdns

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-1000847 1Freshdns Project 1Freshdns Nov 21, 2024 Dec 20, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to...Show more FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Full Name in their account details. The victim (e.g. the administrator of the FreshDNS instance) opens the User List in the admin interface.. This vulnerability appears to have been fixed in 1.0.5 and later.Show less
CVE-2018-1000846 1Freshdns Project 1Freshdns Nov 21, 2024 Dec 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's pr...Show more FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim must open a website containing attacker's javascript. This vulnerability appears to have been fixed in 1.0.5 and later.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-1000847

1Freshdns Project

1Freshdns

Nov 21, 2024

Dec 20, 2018

N/A· v4

5.4 MEDIUM· v3

3.5 LOW· v2

FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Full Name in their account details. The victim (e.g. the administrator of the FreshDNS instance) opens the User List in the admin interface.. This vulnerability appears to have been fixed in 1.0.5 and later.Show less

CVE-2018-1000846

1Freshdns Project

1Freshdns

Nov 21, 2024

Dec 20, 2018

N/A· v4

8.8 HIGH· v3

6.8 MEDIUM· v2

FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim must open a website containing attacker's javascript. This vulnerability appears to have been fixed in 1.0.5 and later.Show less