Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

modoboa

Source -

CNAADPNVD

CNA CVEs -

1

ADP CVEs -

3

CISA CVEs -

0

NVD CVEs -

14
Related CVEsRelated VendorsRelated AssignersReports
14Vulnerabilities found
CVE-2026-27602
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 18:49
Updated-26 Mar, 2026 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modoboa has an OS Command Injection

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server. Version 2.7.1 patches the issue.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-5690
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 55.77%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 16:22
Updated-11 Sep, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in modoboa/modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.

Action-Not Available
Vendor-modoboamodoboamodoboa
Product-modoboamodoboa/modoboamodoboa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-5689
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.02%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 16:22
Updated-11 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

Action-Not Available
Vendor-modoboamodoboamodoboa
Product-modoboamodoboa/modoboamodoboa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-5688
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.02%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 16:22
Updated-11 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - DOM in modoboa/modoboa

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

Action-Not Available
Vendor-modoboamodoboamodoboa
Product-modoboamodoboa/modoboamodoboa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2227
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-77.82% / 99.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authorization in modoboa/modoboa

Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-285
Improper Authorization
CVE-2023-2228
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 33.69%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in modoboa/modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2160
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 54.40%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Password Requirements in modoboa/modoboa

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-0949
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.8||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Reflected in modoboa/modoboa

Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0777
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-75.02% / 98.89%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass by Primary Weakness in modoboa/modoboa

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2023-0519
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.88%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-31 Mar, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Stored in modoboa/modoboa

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0470
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.88%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-31 Mar, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Stored in modoboa/modoboa

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0438
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.63%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in modoboa/modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0406
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 54.71%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in modoboa/modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0398
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.11%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in modoboa/modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)