Froxlor: >> Froxlor >> 0.10.16 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-22
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
CVSS Score
9.8
EPSS Score
0.055
Published
2021-10-12
Page 4