Vulnerabilities (CVE)

Filtered by vendor Domainmod Subscribe

Filtered by product Domainmod

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-35358	1 Domainmod	1 Domainmod	2021-03-18	7.5 HIGH	9.8 CRITICAL
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.
CVE-2020-12735	1 Domainmod	1 Domainmod	2020-05-12	7.5 HIGH	9.8 CRITICAL
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.