CVE-2018-1000856
MEDIUM NUCLEIDomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting in Segment Name Field
Title source: llmExploitation Summary
CVE-2018-1000856 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.
Nuclei Templates (1)
DomainMOD 4.11.01 - Cross-Site Scripting
MEDIUMVERIFIEDby arafatansari
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/domainmod/domainmod/issues/80
Scores
CVSS v3
4.8
EPSS
0.0142
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
domainmod/domainmod
4.09.03 - 4.11.01
Published
Dec 20, 2018
Tracked Since
Feb 18, 2026