Mohammed Abdul Raheem

10 exploits Active since Nov 2018
CVE-2018-19752 EXPLOITDB MEDIUM text WORKING POC
DomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting via Registrar Notes Field
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
CVSS 4.8
CVE-2018-20011 EXPLOITDB MEDIUM text WRITEUP
DomainMOD 4.09.03-4.11.01 - Cross-Site Scripting via Category Name or Stakeholder Field
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
CVSS 4.8
EIP-2026-106535 EXPLOITDB text WORKING POC
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
CVE-2018-20010 EXPLOITDB MEDIUM text WORKING POC
DomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting via SSL Provider Account Username Field
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVSS 4.8
CVE-2018-20009 EXPLOITDB MEDIUM text WRITEUP
DomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting via SSL Provider Name or URL Field
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVSS 4.8
CVE-2018-19913 EXPLOITDB MEDIUM text WORKING POC
DomainMOD < 4.11.01 - Stored Cross-Site Scripting via Registrar Account Fields
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
CVSS 4.8
CVE-2018-19750 EXPLOITDB MEDIUM text WORKING POC
DomainMOD < 4.11.01 - Stored Cross-Site Scripting via Custom Domain Field Notes
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
CVSS 5.4
CVE-2018-19751 EXPLOITDB MEDIUM text WORKING POC
DomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting via Custom SSL Fields Notes Parameter
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
CVSS 4.8
CVE-2018-19749 EXPLOITDB MEDIUM text WORKING POC
DomainMOD < 4.11.01 - Stored Cross-Site Scripting via Account Owner Name Field
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
CVSS 4.8
CVE-2019-14280 EXPLOITDB MEDIUM text WRITEUP
Craft <2.7.10-3.2.6 - Info Disclosure
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
CVSS 5.3