modoboa@1.8.3 vulnerabilities

Mail hosting made simple

latest version

2.2.4
latest non vulnerable version

2.2.4
first published

9 years ago
latest version published

4 months ago
licenses detected
- ISC
  [0.7.0,1.2.0-rc2); [1.6.1,)
View modoboa package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the modoboa package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when displaying the form error messages. How to fix Cross-site Scripting (XSS)? Upgrade `modoboa` to version 2.2.2 or higher.	[,2.2.2)
M Cross-Site Request Forgery (CSRF) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to the improper handling of user requests. An attacker can trick the victim into executing an unwanted logout by sending a malicious request. How to fix Cross-Site Request Forgery (CSRF)? Upgrade `modoboa` to version 2.2.2 or higher.	[,2.2.2)
M Cross-site Scripting (XSS) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the profile language field due to improper user input sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `modoboa` to version 2.2.2 or higher.	[,2.2.2)
M Cross-site Scripting (XSS) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when displaying form error messages due to improper user input sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `modoboa` to version 2.2.2 or higher.	[,2.2.2)
M Cross-site Request Forgery (CSRF) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing checks for edit operations. How to fix Cross-site Request Forgery (CSRF)? Upgrade `modoboa` to version 2.1.0 or higher.	[,2.1.0)
M Cross-site Request Forgery (CSRF) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in edit operations. How to fix Cross-site Request Forgery (CSRF)? Upgrade `modoboa` to version 2.1.0 or higher.	[,2.1.0)
H Improper Authorization modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Improper Authorization due to missing permissions. Sending a GET request to the following endpoint: `/api/v2/parameters/core/` returns sensitive information without any authentication or authorization. How to fix Improper Authorization? Upgrade `modoboa` to version 2.1.0 or higher.	[,2.1.0)
M Weak Password Requirements modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Weak Password Requirements due to a bypass for the intended password requirements. How to fix Weak Password Requirements? Upgrade `modoboa` to version 2.1.0 or higher.	[0,2.1.0)
H Improper Authentication modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Improper Authentication due to not restricting or limiting unsuccessful login attempts allowing an attacker to brute force the password of a known user. How to fix Improper Authentication? Upgrade `modoboa` to version 2.0.4 or higher.	[0,2.0.4)
M Cross-site Scripting (XSS) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the `admin tags` parameter. How to fix Cross-site Scripting (XSS)? Upgrade `modoboa` to version 2.0.5 or higher.	[,2.0.5)
M Cross-site Scripting (XSS) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization of tags in the Domains page, which allows changing the "domfilter" URL query parameter to the malicious string. How to fix Cross-site Scripting (XSS)? Upgrade `modoboa` to version 2.0.5 or higher.	[,2.0.5)
H Access Restriction Bypass modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Access Restriction Bypass. The endpoint `/api/v2/token/` allows an unauthorized user to brute-force without the app blocking the request. How to fix Access Restriction Bypass? Upgrade `modoboa` to version 2.0.4 or higher.	[,2.0.4)
M Cross-site Scripting (XSS) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when adding a domain via the `admin/domains` endpoint. How to fix Cross-site Scripting (XSS)? Upgrade `modoboa` to version 2.0.4 or higher.	[0,2.0.4)
M Cross-site Scripting (XSS) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `username`, `first name` and `last name` parameters at the `admin/identities` endpoint. How to fix Cross-site Scripting (XSS)? Upgrade `modoboa` to version 2.0.4 or higher.	[0,2.0.4)
M Cross-site Request Forgery (CSRF) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the `remove_permission()` function in `views/identity.py`, accessible via the `/admin` endpoint. How to fix Cross-site Request Forgery (CSRF)? Upgrade `modoboa` to version 2.0.4 or higher.	[0,2.0.4)
M Cross-site Request Forgery (CSRF) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the delete user functionality. How to fix Cross-site Request Forgery (CSRF)? Upgrade `modoboa` to version 2.0.4 or higher.	[0,2.0.4)
M Cross-site Request Forgery (CSRF) modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) by sending `GET` request to the page `/admin/domains/{id}/delete/`. How to fix Cross-site Request Forgery (CSRF)? Upgrade `modoboa` to version 2.0.3 or higher.	[,2.0.3)

Go back to all versions of this package

modoboa@1.8.3 vulnerabilities

Mail hosting made simple

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities