CVE-2018-19751

MEDIUM NUCLEI

DomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting via Custom SSL Fields Notes Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19751. PoCs published by Mohammed Abdul Raheem. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in DomainMOD versions 4.09.03 to 4.11.01. The payload is injected into the Display Name, Description, and Notes fields via the admin panel, triggering when rendered.

Description

DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.

Exploits (1)

exploitdb WORKING POC
by Mohammed Abdul Raheem · textwebappsphp
https://www.exploit-db.com/exploits/45947

This exploit demonstrates a stored XSS vulnerability in DomainMOD versions 4.09.03 to 4.11.01. The payload is injected into the Display Name, Description, and Notes fields via the admin panel, triggering when rendered.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: DomainMOD v4.09.03 to v4.11.01
Auth required
Prerequisites: Access to the DomainMOD admin panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

DomainMOD 4.11.01 - Cross-Site Scripting
MEDIUMVERIFIEDby arafatansari

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45947/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/domainmod/domainmod/issues/83

Scores

CVSS v3 4.8
EPSS 0.0332
EPSS Percentile 87.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
domainmod/domainmod 4.09.03 - 4.11.01
Published Nov 29, 2018
Tracked Since Feb 18, 2026