Froxlor: >> Froxlor Security Vulnerabilities
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS Score
7.2
EPSS Score
0.977
Published
2023-01-16
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-12-31
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-12-31
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-12-30
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
CVSS Score
6.5
EPSS Score
0.013
Published
2022-11-05
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
CVSS Score
7.6
EPSS Score
0.008
Published
2022-11-04
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-08-28
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
CVSS Score
6.1
EPSS Score
0.014
Published
2022-04-13
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
CVSS Score
5.4
EPSS Score
0.006
Published
2021-10-22
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
CVSS Score
9.8
EPSS Score
0.118
Published
2021-10-12