cvedb.io
CVE-2018-1000847
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2018-12-20T15:29:02.237 · Last modified 2026-06-17T01:33:10.163

Summary

FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Full Name in their account details. The victim (e.g. the administrator of the FreshDNS instance) opens the User List in the admin interface.. This vulnerability appears to have been fixed in 1.0.5 and later.

Affected products

freshdns_project — freshdns

Does this affect you?

Add your gear to cvedb and we'll alert you only when freshdns_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.