PT-2018-9571 · Freshdns · Freshdns
Luelistao · Published 2018-12-20 · Updated 2019-01-08 · CVE-2018-1000847
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FreshDNS versions 1.0.3 and prior
Description
A Cross-Site Scripting (XSS) vulnerability in the Account data form and Zone editor allows an attacker's JavaScript code to execute in a victim's session. It can be exploited when an attacker stores a specially crafted string as the Full Name in their own account details and a victim, such as the administrator, then opens the User List in the admin interface.
Recommendations
For FreshDNS versions 1.0.3 and prior, update to version 1.0.5 or later to resolve the issue.
Fix
XSS
Affected Products
Freshdns