Lucene search
K

274 matches found

Vulnrichment
Vulnrichment
added 2023/10/20 4:22 p.m.12 views

CVE-2023-5689 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

7.1CVSS6AI score0.00514EPSS
Exploits1References2
OSV
OSV
added 2023/10/20 4:22 p.m.13 views

CVE-2023-5689 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

7.1CVSS6.6AI score0.00514EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/10/20 4:22 p.m.17 views

CVE-2023-5689 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

7.1CVSS5.5AI score0.00514EPSS
Exploits1References2
CVE
CVE
added 2023/10/20 4:22 p.m.95 views

CVE-2023-5689

CVE-2023-5689 is a DOM-based Cross-site Scripting (XSS) vulnerability in the GitHub repository modoboa/modoboa, affecting versions prior to 2.2.2. The issue concerns client-side DOM handling that allows an attacker to inject and execute script in a victim’s browser. The provided documents do not ...

7.1CVSS5.4AI score0.00514EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/20 4:22 p.m.11 views

CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

9.8CVSS6AI score0.00565EPSS
Exploits1References2
CVE
CVE
added 2023/10/20 4:22 p.m.93 views

CVE-2023-5688

CVE-2023-5688 affects modoboa/modoboa prior to 2.2.2 and is described as a DOM-based Cross-site Scripting (XSS) vulnerability. The vulnerability is triggered through the browser environment, allowing an attacker to execute malicious scripts in a user’s session. Public references confirm the issue...

9.8CVSS5.5AI score0.00565EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/10/20 4:22 p.m.36 views

CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

9.8CVSS5.5AI score0.00565EPSS
Exploits1References2
OSV
OSV
added 2023/10/20 4:22 p.m.24 views

CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

9.8CVSS7.9AI score0.00565EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.6 views

PT-2023-32264 · Modoboa · Modoboa

Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control...

7.5CVSS7AI score0.02775EPSS
Exploits1References13
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.4 views

Modoboa Cross-Site Scripting Vulnerability

modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site scripting vulnerability in the language field of the configuration file...

7.1CVSS6.1AI score0.00514EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.6 views

PT-2023-32263 · Modoboa · Modoboa

Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows an attacker to execute malicious scripts in the browser of a user. This can lead to unauthorized actions being taken on...

9.8CVSS6.8AI score0.00565EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.5 views

Modoboa Cross-Site Scripting Vulnerability

modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.2.2, which originated at https://demo.modoboa.org/user/profile/中存在跨站脚本漏洞...

9.8CVSS6.1AI score0.00565EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.5 views

Modoboa Cross-Site Request Forgery Vulnerability

modoboa is an email hosting and management platform for individual developers. A cross-site request forgery vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site request forgery vulnerability in the logout feature...

8.8CVSS6.7AI score0.00428EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.6 views

PT-2023-32265 · Modoboa · Modoboa

Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-Site Request Forgery CSRF in the modoboa/modoboa GitHub repository. Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve t...

8.8CVSS5.6AI score0.00428EPSS
Exploits1References9
Huntr
Huntr
added 2023/08/20 3:58 p.m.15 views

DOM XSS in https://demo.modoboa.org/user/#profile/

Description I noticed, your website is very secure. But you overlooked a flaw DOM XSS. Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.modoboa.org/user/profile/ and click Update 3 .Use burp to block proxy and inject payload in &language: Proof of Concept Video Poc...

4.9CVSS6.7AI score0.00565EPSS
Exploits1
Veracode
Veracode
added 2023/05/02 9:19 a.m.22 views

Cross-Site Request Forgery (CSRF)

modoboa is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in domain.py and identity.py due to missing POST restrictions which allows an attacker to update admin accounts...

6.8CVSS6.4AI score0.00378EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2023/05/02 8:25 a.m.20 views

Improper Authorization

modoboa is vulnerable to Missing Authorization. The vulnerability exists due to missing authorization checks on the /api/v2/parameters/core/ API endpoint which allows an attacker to gain sensitive information...

9.1CVSS8.8AI score0.43756EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2023/05/02 8:0 a.m.26 views

Weak Password Requirements

modoboa has Weak Password Requirements. The vulnerability exists in the clean function of forms.py due to lack of check conditions which allows an attacker to set unsafe passwords and bypass the password requirements...

9.8CVSS9AI score0.00619EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2023/04/24 12:0 a.m.6 views

Modoboa Information Disclosure Vulnerability

modoboa is an email hosting and management platform for individual developers. An information disclosure vulnerability exists in modoboa versions prior to 2.1.0, which originates when /api/v2/parameters/core/ returns sensitive information without any authentication or authorization. An attacker c...

9.1CVSS6.2AI score0.43756EPSS
Exploits1References1
CNVD
CNVD
added 2023/04/24 12:0 a.m.6 views

modoboa cross-site request forgery vulnerability (CNVD-2023-32765)

modoboa is an email hosting and management platform for individual developers. A cross-site request forgery vulnerability exists in modoboa versions prior to 2.1.0, which stems from /admin/accounts/id/edit/?activetab=default does not adequately validate that the request is from a trusted user. An...

6.8CVSS6.5AI score0.00378EPSS
Exploits1References1
Rows per page
Query Builder