Froxlor: >> Froxlor >> 0.10.16 Security Vulnerabilities
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-01-16
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS Score
7.2
EPSS Score
0.896
Published
2023-01-16
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-31
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-12-31
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-30
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
CVSS Score
6.5
EPSS Score
0.293
Published
2022-11-05
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
CVSS Score
7.6
EPSS Score
0.001
Published
2022-11-04
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-08-28
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-13
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-22