CVE-2023-0470 – Cross-site Scripting (XSS) - Stored in modoboa/modoboa
https://notcve.org/view.php?id=CVE-2023-0470
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. Cross site scripting (XSS) - almacenado en el repositorio de GitHub modoboa/modoboa anterior a 2.0.4. • https://github.com/modoboa/modoboa/commit/354ab6884019009249097a7f3a1881d81ecd2fd2 https://huntr.dev/bounties/baae3180-b63b-4880-b2af-1a3f30056c2b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0438 – Cross-Site Request Forgery (CSRF) in modoboa/modoboa
https://notcve.org/view.php?id=CVE-2023-0438
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Cross Site Request Forgery (CSRF) en el repositorio de GitHub modoboa/modoboa anterior a 2.0.4. • https://github.com/modoboa/modoboa/commit/38d778cc71e370216e067d054ce0169ad83078c8 https://huntr.dev/bounties/07a5b61b-306d-47c4-8ff0-06c540c7dfb3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-0398 – Cross-Site Request Forgery (CSRF) in modoboa/modoboa
https://notcve.org/view.php?id=CVE-2023-0398
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Cross-site Request Forgery (CSRF) en el repositorio de GitHub modoboa/modoboa anterior a 2.0.4. • https://github.com/modoboa/modoboa/commit/8e14ac93669df4f35fcdebd55dc9d2f0fed3ed48 https://huntr.dev/bounties/0a852351-00ed-44d2-a650-9055b7beed58 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-0406 – Cross-Site Request Forgery (CSRF) in modoboa/modoboa
https://notcve.org/view.php?id=CVE-2023-0406
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Cross-Site Request Forgery (CSRF) en el repositorio de GitHub modoboa/modoboa anterior a 2.0.4. • https://github.com/modoboa/modoboa/commit/7f0573e917227686d2cc127be1364e2908740807 https://huntr.dev/bounties/d7007f76-3dbc-48a7-a2fb-377040fe100c • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-19702
https://notcve.org/view.php?id=CVE-2019-19702
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain. El plugin modoboa-dmarc versión 1.1.0 para Modoboa, es vulnerable a un ataque de inyección XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esto para llevar a cabo una denegación de servicio contra la funcionalidad de reportes DMARC, tal y como al hacer referencia al archivo /dev/random dentro de documentos XML que son enviados por correo electrónico a la dirección en el campo rua de los registros DMARC de un dominio. • https://github.com/modoboa/modoboa-dmarc/issues/38 • CWE-611: Improper Restriction of XML External Entity Reference •