270 matches found

Vulnrichment
added 2023/10/20 4:22 p.m. · 9 views

CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

9.8 CVSS · 6 AI score · 0.00141 EPSS
Exploits: 1 · References: 2
Cvelist
added 2023/10/20 4:22 p.m. · 14 views

CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

9.8 CVSS · 5.5 AI score · 0.00141 EPSS
Exploits: 1 · References: 2
OSV
added 2023/10/20 4:22 p.m. · 19 views

CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

9.8 CVSS · 7.9 AI score · 0.00141 EPSS
Exploits: 1 · References: 4
CVE
added 2023/10/20 4:22 p.m. · 85 views

CVE-2023-5688

CVE-2023-5688 affects modoboa/modoboa prior to 2.2.2 and is described as a DOM-based Cross-site Scripting (XSS) vulnerability. The vulnerability is triggered through the browser environment, allowing an attacker to execute malicious scripts in a user’s session. Public references confirm the issue...

9.8 CVSS · 5.5 AI score · 0.00141 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2023/10/20 12:0 a.m. · 2 views

Modoboa Cross-Site Scripting Vulnerability

modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site scripting vulnerability at https://demo.modoboa.org/user/profile/...

9.8 CVSS · 6.1 AI score · 0.00141 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/10/20 12:0 a.m. · 0 views

Modoboa Cross-Site Scripting Vulnerability

modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site scripting vulnerability in the language field of the configuration file...

7.1 CVSS · 6.1 AI score · 0.00141 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/10/20 12:0 a.m. · 2 views

Modoboa Cross-Site Request Forgery Vulnerability

modoboa is an email hosting and management platform for individual developers. A cross-site request forgery vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site request forgery vulnerability in the logout feature...

8.8 CVSS · 6.7 AI score · 0.00324 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/10/20 12:0 a.m. · 2 views

PT-2023-32263 · Modoboa · Modoboa

Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2. Description: The issue is related to Cross-site Scripting (XSS) - DOM, which allows an attacker to execute malicious scripts in the browser of a user. This can lead to unauthorized actions being taken on...

9.8 CVSS · 6.8 AI score · 0.00141 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2023/10/20 12:0 a.m. · 3 views

PT-2023-32265 · Modoboa · Modoboa

Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the modoboa/modoboa GitHub repository. Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve t...

8.8 CVSS · 5.6 AI score · 0.00324 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2023/10/20 12:0 a.m. · 3 views

PT-2023-32264 · Modoboa · Modoboa

Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2. Description: The issue is related to Cross-site Scripting (XSS) - DOM, which allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control...

7.5 CVSS · 7 AI score · 0.02718 EPSS
Exploits: 1 · References: 13
Huntr
added 2023/08/20 3:58 p.m. · 11 views

DOM XSS in https://demo.modoboa.org/user/#profile/

Description: I noticed, your website is very secure. But you overlooked a flaw DOM XSS. Detail: 1. Login with demo account. 2. Go to the link: https://demo.modoboa.org/user/profile/ and click Update. 3. Use Burp to block proxy and inject payload in &language: Proof of Concept Video Poc...

4.9 CVSS · 6.7 AI score · 0.00141 EPSS
Exploits: 1
Veracode
added 2023/05/02 9:19 a.m. · 20 views

Cross-Site Request Forgery (CSRF)

modoboa is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in domain.py and identity.py due to missing POST restrictions which allows an attacker to update admin accounts...

6.8 CVSS · 6.4 AI score · 0.00139 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Veracode
added 2023/05/02 8:25 a.m. · 18 views

Improper Authorization

modoboa is vulnerable to Missing Authorization. The vulnerability exists due to missing authorization checks on the /api/v2/parameters/core/ API endpoint which allows an attacker to gain sensitive information...

9.1 CVSS · 8.8 AI score · 0.77817 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Veracode
added 2023/05/02 8:0 a.m. · 24 views

Weak Password Requirements

modoboa has Weak Password Requirements. The vulnerability exists in the clean function of forms.py due to lack of check conditions which allows an attacker to set unsafe passwords and bypass the password requirements...

9.8 CVSS · 9 AI score · 0.00309 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
CNVD
added 2023/04/24 12:0 a.m. · 5 views

modoboa cross-site request forgery vulnerability (CNVD-2023-32765)

modoboa is an email hosting and management platform for individual developers. A cross-site request forgery vulnerability exists in modoboa versions prior to 2.1.0, which stems from /admin/accounts/id/edit/?activetab=default not adequately validating that the request is from a trusted user. An...

6.8 CVSS · 6.5 AI score · 0.00139 EPSS
Exploits: 1 · References: 1
CNVD
added 2023/04/24 12:0 a.m. · 5 views

Modoboa Information Disclosure Vulnerability

modoboa is an email hosting and management platform for individual developers. An information disclosure vulnerability exists in modoboa versions prior to 2.1.0, which originates when /api/v2/parameters/core/ returns sensitive information without any authentication or authorization. An attacker c...

9.1 CVSS · 6.2 AI score · 0.77817 EPSS
Exploits: 1 · References: 1
OSV
added 2023/04/21 3:30 p.m. · 15 views

GHSA-6PVF-CQ4F-HFJP modoboa vulnerable to Cross-Site Request Forgery

modoboa prior to 2.1.0 is vulnerable to cross-site request forgery. An attacker must be logged in as admin to exploit this issue...

8.4 CVSS · 6.3 AI score · 0.00139 EPSS
Exploits: 1 · References: 5
Github Security Blog
added 2023/04/21 3:30 p.m. · 19 views

Improper Authorization in modoboa

In modoboa prior to 2.1.0, sending a GET request to the endpoint /api/v2/parameters/core/ returns sensitive information without any authentication or authorization...

9.1 CVSS · 6.1 AI score · 0.77817 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2023/04/21 3:30 p.m. · 10 views

GHSA-67MG-GM8M-PH5R Improper Authorization in modoboa

In modoboa prior to 2.1.0, sending a GET request to the endpoint /api/v2/parameters/core/ returns sensitive information without any authentication or authorization...

9.3 CVSS · 9.1 AI score · 0.77817 EPSS
Exploits: 1 · References: 5
Github Security Blog
added 2023/04/21 3:30 p.m. · 23 views

modoboa vulnerable to Cross-Site Request Forgery

modoboa prior to 2.1.0 is vulnerable to cross-site request forgery. An attacker must be logged in as admin to exploit this issue...

6.8 CVSS · 5.9 AI score · 0.00139 EPSS
Exploits: 1 · References: 5 · Affected Software: 1