modoboa CVE Vulnerabilities & Metrics

Focus on modoboa vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About modoboa Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with modoboa. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total modoboa CVEs: 15
Earliest CVE date: 10 Dec 2019, 20:15 UTC
Latest CVE date: 20 Oct 2023, 17:15 UTC

Latest CVE reference: CVE-2023-5690

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical modoboa CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.33

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	14
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS modoboa CVEs

These are the five CVEs with the highest CVSS scores for modoboa, sorted by severity first and recency.

CVE-2019-19702 modoboa Published on 10 Dec 2019, 20:15 UTC (CVSS: 5.0)
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.
CVE-2023-5690 modoboa Published on 20 Oct 2023, 17:15 UTC (CVSS: 0)
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.
CVE-2023-5689 modoboa Published on 20 Oct 2023, 17:15 UTC (CVSS: 0)
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
CVE-2023-5688 modoboa Published on 20 Oct 2023, 17:15 UTC (CVSS: 0)
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
CVE-2023-2228 modoboa Published on 21 Apr 2023, 13:15 UTC (CVSS: 0)
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.

All CVEs for modoboa

CVE-2023-5690 modoboa vulnerability CVSS: 0 20 Oct 2023, 17:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-5689 modoboa vulnerability CVSS: 0 20 Oct 2023, 17:15 UTC

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-5688 modoboa vulnerability CVSS: 0 20 Oct 2023, 17:15 UTC

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-2228 modoboa vulnerability CVSS: 0 21 Apr 2023, 13:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.

CVE-2023-2227 modoboa vulnerability CVSS: 0 21 Apr 2023, 13:15 UTC

Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.

CVE-2023-2160 modoboa vulnerability CVSS: 0 18 Apr 2023, 16:15 UTC

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.

CVE-2023-0949 modoboa vulnerability CVSS: 0 22 Feb 2023, 09:15 UTC

Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.

CVE-2023-0860 modoboa vulnerability CVSS: 0 16 Feb 2023, 10:15 UTC

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.

CVE-2023-0777 modoboa vulnerability CVSS: 0 10 Feb 2023, 19:15 UTC

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE-2023-0519 modoboa vulnerability CVSS: 0 26 Jan 2023, 23:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE-2023-0470 modoboa vulnerability CVSS: 0 26 Jan 2023, 22:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE-2023-0438 modoboa vulnerability CVSS: 0 23 Jan 2023, 14:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE-2023-0406 modoboa vulnerability CVSS: 0 19 Jan 2023, 18:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE-2023-0398 modoboa vulnerability CVSS: 0 19 Jan 2023, 09:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE-2019-19702 modoboa vulnerability CVSS: 5.0 10 Dec 2019, 20:15 UTC

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.