Cross-site Scripting (XSS) - DOM in modoboa/modoboa
CVE-2023-5689

7.1HIGH

Key Information:

Vendor

Modoboa

Status
Modoboa/modoboa
Vendor
CVE Published:
20 October 2023

What is CVE-2023-5689?

The vulnerability presents a Cross-Site Scripting (XSS) flaw affecting Modoboa before version 2.2.2. This security issue allows attackers to inject malicious scripts into the application, which can then be executed in the context of a user's browser. This XSS vulnerability can lead to unauthorized access to sensitive information, session hijacking, or redirection to malicious websites. Users are advised to upgrade to the patched version to mitigate any potential risks associated with this security issue.

Affected Version(s)

modoboa/modoboa < 2.2.2

References

https://huntr.com/bounties/24835833-3421-412b-bafb-1b7ea3...
https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfe...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.