Mohammed Abdul Raheem

10 exploits, active since Nov 2018
CVE-2018-19752 EXPLOITDB MEDIUM text WORKING POC
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
CVSS 4.8
CVE-2018-20011 EXPLOITDB MEDIUM text WRITEUP
DomainMOD 4.11.01 - XSS
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
CVSS 4.8
EIP-2026-106535 EXPLOITDB text WORKING POC
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
CVE-2018-20010 EXPLOITDB MEDIUM text WORKING POC
DomainMOD 4.11.01 - XSS
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVSS 4.8
CVE-2018-20009 EXPLOITDB MEDIUM text WRITEUP
DomainMOD 4.11.01 - XSS
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVSS 4.8
CVE-2018-19913 EXPLOITDB MEDIUM text WORKING POC
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
CVSS 4.8
CVE-2018-19750 EXPLOITDB MEDIUM text WORKING POC
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
CVSS 5.4
CVE-2018-19751 EXPLOITDB MEDIUM text WORKING POC
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
CVSS 4.8
CVE-2018-19749 EXPLOITDB MEDIUM text WORKING POC
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
CVSS 4.8
CVE-2019-14280 EXPLOITDB MEDIUM text WRITEUP
Craft <2.7.10-3.2.6 - Info Disclosure
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
CVSS 5.3