GHSA-pqgm-9g82-wcm7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pqgm-9g82-wcm7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-pqgm-9g82-wcm7/GHSA-pqgm-9g82-wcm7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pqgm-9g82-wcm7
- Aliases
- Published
- 2023-10-20T18:30:57Z
- Modified
- 2024-10-01T19:37:18.847493Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- modoboa Cross-site Scripting vulnerability
- Details
-
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
- Database specific
{ "nvd_published_at": "2023-10-20T17:15:08Z", "github_reviewed_at": "2023-10-20T23:01:55Z", "github_reviewed": true, "severity": "CRITICAL", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-5688
- https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfebd8162c46e2c2a9873919a967
- https://github.com/modoboa/modoboa
- https://github.com/pypa/advisory-database/tree/main/vulns/modoboa/PYSEC-2023-215.yaml
- https://huntr.com/bounties/0ceb10e4-952b-4ca4-baf8-5b6f12e3a8a7
Affected packages
PyPI / modoboa
Package
- Name
- modoboa
- View open source insights on deps.dev
- Purl
- pkg:pypi/modoboa
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.2
Affected versions
0.*
0.7.0
1.*
1.2.0-rc2
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.11.0
1.11.1
1.12.0
1.12.1
1.12.2
1.13.0
1.13.1
1.14.0
1.15.0
1.16.0
1.16.1
1.17.0
2.*
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2.dev0
2.1.2
2.1.3.dev0
2.2.0
2.2.1