274 matches found
CVE-2023-5689 Cross-site Scripting (XSS) - DOM in modoboa/modoboa
Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...
CVE-2023-5689 Cross-site Scripting (XSS) - DOM in modoboa/modoboa
Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...
CVE-2023-5689 Cross-site Scripting (XSS) - DOM in modoboa/modoboa
Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...
CVE-2023-5689
CVE-2023-5689 is a DOM-based Cross-site Scripting (XSS) vulnerability in the GitHub repository modoboa/modoboa, affecting versions prior to 2.2.2. The issue concerns client-side DOM handling that allows an attacker to inject and execute script in a victim’s browser. The provided documents do not ...
CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa
Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...
CVE-2023-5688
CVE-2023-5688 affects modoboa/modoboa prior to 2.2.2 and is described as a DOM-based Cross-site Scripting (XSS) vulnerability. The vulnerability is triggered through the browser environment, allowing an attacker to execute malicious scripts in a user’s session. Public references confirm the issue...
CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa
Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...
CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa
Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...
PT-2023-32264 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control...
Modoboa Cross-Site Scripting Vulnerability
modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site scripting vulnerability in the language field of the configuration file...
PT-2023-32263 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows an attacker to execute malicious scripts in the browser of a user. This can lead to unauthorized actions being taken on...
Modoboa Cross-Site Scripting Vulnerability
modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in versions prior to modoboa 2.2.2, which originated at https://demo.modoboa.org/user/profile/中存在跨站脚本漏洞...
Modoboa Cross-Site Request Forgery Vulnerability
modoboa is an email hosting and management platform for individual developers. A cross-site request forgery vulnerability exists in versions prior to modoboa 2.2.2, which stems from a cross-site request forgery vulnerability in the logout feature...
PT-2023-32265 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-Site Request Forgery CSRF in the modoboa/modoboa GitHub repository. Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve t...
DOM XSS in https://demo.modoboa.org/user/#profile/
Description I noticed, your website is very secure. But you overlooked a flaw DOM XSS. Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.modoboa.org/user/profile/ and click Update 3 .Use burp to block proxy and inject payload in &language: Proof of Concept Video Poc...
Cross-Site Request Forgery (CSRF)
modoboa is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in domain.py and identity.py due to missing POST restrictions which allows an attacker to update admin accounts...
Improper Authorization
modoboa is vulnerable to Missing Authorization. The vulnerability exists due to missing authorization checks on the /api/v2/parameters/core/ API endpoint which allows an attacker to gain sensitive information...
Weak Password Requirements
modoboa has Weak Password Requirements. The vulnerability exists in the clean function of forms.py due to lack of check conditions which allows an attacker to set unsafe passwords and bypass the password requirements...
Modoboa Information Disclosure Vulnerability
modoboa is an email hosting and management platform for individual developers. An information disclosure vulnerability exists in modoboa versions prior to 2.1.0, which originates when /api/v2/parameters/core/ returns sensitive information without any authentication or authorization. An attacker c...
modoboa cross-site request forgery vulnerability (CNVD-2023-32765)
modoboa is an email hosting and management platform for individual developers. A cross-site request forgery vulnerability exists in modoboa versions prior to 2.1.0, which stems from /admin/accounts/id/edit/?activetab=default does not adequately validate that the request is from a trusted user. An...