Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
froxlor froxlor vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-0877
Code Injection in GitHub repository froxlor/froxlor before 2.0.11.
Froxlor Froxlor
5.4
CVSSv3
CVE-2022-4864
Argument Injection in GitHub repository froxlor/froxlor before 2.0.0-beta1.
Froxlor Froxlor
4.3
CVSSv3
CVE-2022-4867
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor before 2.0.0-beta1.
Froxlor Froxlor
4.3
CVSSv3
CVE-2022-4868
Improper Authorization in GitHub repository froxlor/froxlor before 2.0.0-beta1.
Froxlor Froxlor
9.8
CVSSv3
CVE-2016-5100
Froxlor prior to 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote malicious users to guess the password reset token by predicting a value.
Froxlor Froxlor
4.6
CVSSv3
CVE-2022-3721
Code Injection in GitHub repository froxlor/froxlor before 0.10.39.
Froxlor Froxlor
8.8
CVSSv3
CVE-2023-1033
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor before 2.0.11.
Froxlor Froxlor
6.1
CVSSv3
CVE-2020-29653
Froxlor up to and including 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
Froxlor Froxlor
7.2
CVSSv3
CVE-2023-3668
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor before 2.0.21.
Froxlor Froxlor
7.2
CVSSv3
CVE-2018-1000527
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport...
Froxlor Froxlor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »