In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.

%d bloggers like this: