← volver
CVE-2018-1000856

CVE-2018-1000856

EPSS 1.4%
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 1.4%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
20 dic 2018Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.
Productos afectados
n/a · n/a