{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T12:12:37.317","vulnerabilities":[{"cve":{"id":"CVE-2018-1000856","sourceIdentifier":"cve@mitre.org","published":"2018-12-20T17:29:00.377","lastModified":"2024-11-21T03:40:30.413","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet."},{"lang":"es","value":"DomainMOD, en versiones 4.09.03 y siguientes, también verificado en la última versión (4.11.01), contiene una vulnerabilidad Cross-Site Scripting (XSS) en el campo Segment Name en la página \"segments\" que puede resultar en que scripts arbitrarios sean ejecutados en todos los navegadores de los usuarios que visiten la página afectada. El ataque parece ser explotable mediante una víctima que visite la página vulnerable. Actualmente, no existe solución a este problema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*","versionStartIncluding":"4.09.03","versionEndIncluding":"4.11.01","matchCriteriaId":"616A3026-9B26-4B76-A1C8-ADA0070A8F40"}]}]}],"references":[{"url":"https://github.com/domainmod/domainmod/issues/80","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/domainmod/domainmod/issues/80","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}