Mohammed Abdul Raheem

**Name of the Vulnerable Software and Affected Versions** DomainMOD version 4.11.01 **Description** The issue allows for XSS via the "SSL Provider Name" or "SSL Provider URL" field in the assets/add/ssl-provider.php page. **Recommendations** For DomainMOD version 4.11.01, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DomainMOD version 4.11.01 **Description** The issue is related to XSS via the `assets/add/category.php` endpoint, specifically through the `Category Name` or `Stakeholder` field. **Recommendations** For DomainMOD version 4.11.01, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DomainMOD version 4.11.01 **Description** The issue is related to a security problem where an attacker can inject malicious code. This is possible due to insufficient input validation in the `username` field of the "assets/add/ssl-provider-account.php" endpoint. **Recommendations** For DomainMOD version 4.11.01, update to a newer version that includes a fix for this issue, if available. As a temporary workaround, consider validating and sanitizing user input for the `username` field in the "assets/add/ssl-provider-account.php" endpoint to prevent malicious code injection.

**Name of the Vulnerable Software and Affected Versions** DomainMOD versions prior to 4.11.02 **Description** The issue allows for XSS attacks via the `UserName`, `Reseller ID`, or `notes` field in the `assets/add/registrar-accounts.php` page. **Recommendations** For DomainMOD versions prior to 4.11.02, update to version 4.11.02 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DomainMOD versions prior to 4.11.02 **Description** The issue allows for XSS via the `Owner name` field in the `assets/add/account-owner.php` page. **Recommendations** For DomainMOD versions prior to 4.11.02, update to version 4.11.02 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DomainMOD versions prior to 4.11.02 **Description** The issue allows for XSS via the `notes` field for the Registrar in the `assets/add/registrar.php` page. **Recommendations** For DomainMOD versions prior to 4.11.02, update to version 4.11.02 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DomainMOD versions prior to 4.11.02 **Description** The issue allows for XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. **Recommendations** For DomainMOD versions prior to 4.11.02, update to version 4.11.02 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DomainMOD versions prior to 4.11.02 **Description** The issue allows for XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. **Recommendations** For DomainMOD versions prior to 4.11.02, update to version 4.11.02 or later to resolve the issue.