CVE-2023-0949 : Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prio

Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.

Published 2023-02-22 09:15:10

Updated 2023-03-02 20:09:52

Source huntr.dev

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2023-0949

Modoboa » Modoboa » For Modoboa
Versions before (<) 2.0.5
cpe:2.3:a:modoboa:modoboa:*:*:*:*:*:modoboa:*:*
Matching versions

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	1.7	2.7	huntr.dev
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None
4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	1.7	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

https://huntr.dev/bounties/ef87be4e-493b-4ee9-9738-44c55b8acc19

XSS in /admin/domains when filtering a specific tag vulnerability found in modoboa
Exploit;Third Party Advisory
https://github.com/modoboa/modoboa/commit/aa74e9a4a870162eea169e0a6a2eab841f8811b7

Merge pull request #2797 from modoboa/fix/xss_issue_with_tags · modoboa/modoboa@aa74e9a · GitHub
Patch

Jump to