CVE-2018-1000856

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000856

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000856.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000856

Published

2018-12-20T17:29:00.377Z

Modified

2026-03-14T01:38:57.329587Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.

References

https://github.com/domainmod/domainmod/issues/80

Affected packages

Git / github.com/domainmod/domainmod

Affected ranges

Type

GIT

Repo

https://github.com/domainmod/domainmod

Events

Introduced

39bc5602a60675b33da607fd05ccf67057bd5fd4

Last affected

f569fd2c0ebf3107f357018bbdadfe296a8bf339

Database specific

{
    "versions": [
        {
            "introduced": "4.09.03"
        },
        {
            "last_affected": "4.11.01"
        }
    ]
}

Affected versions

v4.*

v4.09.03

v4.10.0

v4.11.0

v4.11.01

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000856.json"