Vulnerabilities > Domainmod > Domainmod > 4.13.0

DATE CVE VULNERABILITY TITLE RISK
2021-08-12 CVE-2020-20988 Cross-site Scripting vulnerability in Domainmod 4.13.0
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
network
domainmod CWE-79
3.5
2021-08-12 CVE-2020-20989 Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.13.0
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
network
domainmod CWE-352
4.3
2021-08-12 CVE-2020-20990 Cross-site Scripting vulnerability in Domainmod 4.13.0
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
network
domainmod CWE-79
3.5
2020-10-20 CVE-2019-9080 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Domainmod
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
network
low complexity
domainmod CWE-327
5.0
2020-05-08 CVE-2020-12735 Insufficient Entropy vulnerability in Domainmod 4.13.0
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
network
low complexity
domainmod CWE-331
7.5
2019-08-29 CVE-2019-15811 Cross-site Scripting vulnerability in Domainmod
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
network
low complexity
domainmod CWE-79
6.1