VYPR

Modoboa

by Modoboa

pypi: modoboa

Source repositories

CVEs (14)

  • CVE-2023-0777CriFeb 10, 2023
    risk 0.61cvss 9.8epss 0.15

    Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2023-2227CriApr 21, 2023
    risk 0.56cvss 9.1epss 0.44

    Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.

  • CVE-2023-5690HigOct 20, 2023
    risk 0.50cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.

  • CVE-2023-2228MedApr 21, 2023
    risk 0.37cvss 6.8epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.

  • CVE-2023-0438MedJan 23, 2023
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2023-0398MedJan 19, 2023
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2023-2160MedApr 18, 2023
    risk 0.34cvss 6.3epss 0.01

    Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.

  • CVE-2023-5689MedOct 20, 2023
    risk 0.28cvss 5.4epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

  • CVE-2023-5688MedOct 20, 2023
    risk 0.28cvss 5.4epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

  • CVE-2023-0519MedJan 26, 2023
    risk 0.28cvss 5.4epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2023-0470MedJan 26, 2023
    risk 0.28cvss 5.4epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2023-0949MedFeb 22, 2023
    risk 0.24cvss 4.8epss 0.00

    Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.

  • CVE-2023-0406MedJan 19, 2023
    risk 0.21cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2026-27602Mar 25, 2026
    risk 0.00cvss epss 0.01

    Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can…

VYPR — Vulnerability Intelligence