Modoboa
by Modoboa
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0777 | | Cri | 0.61 | 9.8 | 0.15 | | Feb 10, 2023 | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. |
| CVE-2023-2227 | | Cri | 0.56 | 9.1 | 0.44 | | Apr 21, 2023 | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. |
| CVE-2023-5690 | | Hig | 0.50 | 8.8 | 0.00 | | Oct 20, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. |
| CVE-2023-2228 | | Med | 0.37 | 6.8 | 0.00 | | Apr 21, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. |
| CVE-2023-0438 | | Med | 0.35 | 6.5 | 0.00 | | Jan 23, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. |
| CVE-2023-0398 | | Med | 0.35 | 6.5 | 0.00 | | Jan 19, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. |
| CVE-2023-2160 | | Med | 0.34 | 6.3 | 0.01 | | Apr 18, 2023 | Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. |
| CVE-2023-5689 | | Med | 0.28 | 5.4 | 0.01 | | Oct 20, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. |
| CVE-2023-5688 | | Med | 0.28 | 5.4 | 0.01 | | Oct 20, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. |
| CVE-2023-0519 | | Med | 0.28 | 5.4 | 0.01 | | Jan 26, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. |
| CVE-2023-0470 | | Med | 0.28 | 5.4 | 0.01 | | Jan 26, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. |
| CVE-2023-0949 | | Med | 0.24 | 4.8 | 0.00 | | Feb 22, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. |
| CVE-2023-0406 | | Med | 0.21 | 4.3 | 0.00 | | Jan 19, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. |
| CVE-2026-27602 | | | 0.00 | — | 0.01 | | Mar 25, 2026 | Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can… |