Vulnerabilities > Domainmod > Domainmod > 0.21.5

DATE CVE VULNERABILITY TITLE RISK
2020-10-20 CVE-2019-9080 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Domainmod
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
network
low complexity
domainmod CWE-327
5.0
2019-08-29 CVE-2019-15811 Cross-site Scripting vulnerability in Domainmod
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
network
low complexity
domainmod CWE-79
6.1
2018-12-06 CVE-2018-19892 Cross-site Scripting vulnerability in Domainmod
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
network
domainmod CWE-79
3.5
2018-11-29 CVE-2018-19750 Cross-site Scripting vulnerability in Domainmod
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
network
domainmod CWE-79
3.5
2018-11-09 CVE-2018-19137 Cross-site Scripting vulnerability in Domainmod
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
network
domainmod CWE-79
4.3
2018-11-09 CVE-2018-19136 Cross-site Scripting vulnerability in Domainmod
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
network
domainmod CWE-79
4.3