froxlor froxlor vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-29653
Froxlor up to and including 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
Froxlor Froxlor
5.5
CVSSv3
CVE-2020-10237
An issue exists in Froxlor up to and including 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file...
Froxlor Froxlor
9.8
CVSSv3
CVE-2021-42325
Froxlor up to and including 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
Froxlor Froxlor
1 Github repository
8.8
CVSSv3
CVE-2020-10235
An issue exists in Froxlor prior to 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInsta...
Froxlor Froxlor
9.8
CVSSv3
CVE-2016-5100
Froxlor prior to 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote malicious users to guess the password reset token by predicting a value.
Froxlor Froxlor
6.1
CVSSv3
CVE-2020-10236
An issue exists in Froxlor prior to 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local malicious users to cause DoS or disclose information out of the config files, because of _createUserdataC...
Froxlor Froxlor
5.4
CVSSv3
CVE-2020-28957
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Froxlor v0.10.16 allow malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
Froxlor Froxlor 0.10.16
NA
CVE-2024-34070
Froxlor is open source server administration software. Before 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginna...