CVE-2018-1000856

MEDIUM NUCLEI

DomainMOD >=4.09.03 - XSS

Title source: llm

Description

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.

Nuclei Templates (1)

DomainMOD 4.11.01 - Cross-Site Scripting

MEDIUMVERIFIEDby arafatansari

References (1)

[Exploit, Third Party Advisory] https://github.com/domainmod/domainmod/issues/80

Scores

CVSS v3 4.8

EPSS 0.0104

EPSS Percentile 77.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

domainmod/domainmod 4.09.03 - 4.11.01

Published Dec 20, 2018

Tracked Since Feb 18, 2026