DomainMOD 4.11.01 Custom SSL Fields Cross Site Scripting

2019.03.03
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title : DomainMOD 4.11.01 and before - Custom SSL Fields Cross-Site Scripting
# Author [ Discovered By ] : Mohammed Abdul Raheem
# Company Name : TrekShield IT Solutions
# Date : 04-12-2019
# Vendor Homepage : https://domainmod.org/
# Software Information Link : https://github.com/DomainMod/DomainMod
# Software Affected Versions : DomainMOD v4.09.03 to v4.11.01
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : Cross Site Scripting - Stored XSS
# CVE : CVE-2018-19751
# Exploit-db : https://www.exploit-db.com/?author=9783

####################################################################

# Description about Software :
***************************
DomainMOD is an open source application used to manage domains and other internet assets in a central location.

####################################################################

# Impact :
***********
* This attack vector can be used by an attacker to perform account hijacking, stealing credentials, sensitive data exposure, etc.

# Cross Site Scripting - Stored XSS Exploit :
*********************************************
A stored cross-site scripting (XSS) vulnerability was discovered in DomainMOD application versions from v4.09.03 to v4.11.01.

After logging into the DomainMOD application panel, browse to the /admin/ssl-fields/add.php page and inject a JavaScript XSS payload in the Display Name, Description & Notes fields:

"><img src=x onerror=alert("Xss-By-Abdul-Raheem")>

# More Information Can be found here :
*************************************
https://github.com/domainmod/domainmod/issues/83

###################################################################

# Discovered By Mohammed Abdul Raheem from TrekShield.com
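An added example, not DomainMOD's code or the advisory author's: a PHP sketch of the defect class described above (a stored field value written into an HTML attribute without encoding) beside the output-encoded form. The function names, the array keys, the `new_*` input names and the sample record are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample record: the Display Name is the payload quoted in the
// advisory; the other values are made up. The array keys are hypothetical.
$field = [
    'name'        => '"><img src=x onerror=alert("Xss-By-Abdul-Raheem")>',
    'description' => 'Contact for renewals',
    'notes'       => "Owner: O'Brien <ops>",
];

// Encode a stored value for HTML text and quoted-attribute contexts.
// ENT_QUOTES covers both " and ', so the value cannot close the attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value is concatenated into the attribute as-is, so a
// leading "> ends the attribute and the tag, and the rest is parsed as markup.
function render_unencoded(array $f): string
{
    return '<input type="text" name="new_name" value="' . $f['name'] . '">';
}

// After: every stored value is encoded at the point of output, whatever
// is already sitting in the database.
function render_encoded(array $f): string
{
    return '<input type="text" name="new_name" value="' . e($f['name']) . '">'
         . '<textarea name="new_description">' . e($f['description']) . '</textarea>'
         . '<textarea name="new_notes">' . e($f['notes']) . '</textarea>';
}

// Report whether the stored payload survives as a literal <img tag.
$outputs = [
    'unencoded' => render_unencoded($field),
    'encoded'   => render_encoded($field),
];
foreach ($outputs as $label => $html) {
    $hasImg = strpos($html, '<img') !== false ? 'yes' : 'no';
    printf("%-9s literal <img tag in output: %s\n%s\n\n", $label, $hasImg, $html);
}
```

Encoding at output rather than only filtering at input also neutralizes values stored before a fix was deployed.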

