Product
modoboa
16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-27602
CVE-2023-5690
CVE-2023-5689
CVE-2023-5688
CVE-2023-2228
CVE-2023-2227
CVE-2023-2160
CVE-2023-0949
CVE-2023-0860
CVE-2023-0777
CVE-2023-0519
CVE-2023-0470
CVE-2023-0438
CVE-2023-0406
CVE-2023-0398
CVE-2019-19702
< 2.7.1
Modoboa is a mail hosting and management platform. Prior to version 2.7.1,
exec_cmd() in modoboa/lib/sysutils.py always runs s< 2.2.2
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.
< 2.2.2
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
< 2.2.2
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
< 2.1.0
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.
< 2.1.0
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
< 2.1.0
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
< 2.0.5
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
< 2.0.4
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.
< 2.0.4
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
< 2.0.4
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
< 2.0.4
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
< 2.0.4
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
< 2.0.4
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
< 2.0.4
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
all versions
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data