Froxlor: >> Froxlor >> 0.10.15 Security Vulnerabilities
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-31
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-12-31
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-12-30
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
CVSS Score
6.5
EPSS Score
0.149
Published
2022-11-05
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
CVSS Score
7.6
EPSS Score
0.004
Published
2022-11-04
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-08-28
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-04-13
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
CVSS Score
9.8
EPSS Score
0.055
Published
2021-10-12
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-03-09
Page 4