CVE-2024-48622

Name of the Vulnerable Software and Affected Versions DomainMOD versions prior to 4.12.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript code via the "admin/domain-fields/edit.php" API endpoint and the cdfid parameter. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For versions prior to 4.12.0, update to version 4.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/domain-fields/edit.php" endpoint and avoiding the use of the cdfid parameter until a patch is applied.