Aggregates CVE and security vulnerability intelligence across all froxlor-related products, including CVSS scores, EPSS percentages, and publication dates.

Historical issues mainly involve cross-site scripting, path handling, CSRF, input validation, and related problems; some flaws may lead to session compromise.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-2034 | Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | [email protected] | 8.8 | 9.01% | 2023-04-14 | 2024-11-21 |
| CVE-2023-1307 | Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | [email protected] | 9.8 | 0.47% | 2023-03-10 | 2024-11-21 |
| CVE-2023-1033 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. | [email protected] | 8.8 | 0.21% | 2023-02-25 | 2024-11-21 |
| CVE-2023-0877 | Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. | [email protected] | 8.8 | 0.47% | 2023-02-17 | 2024-11-21 |
| CVE-2023-0671 | Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | [email protected] | 8.8 | 0.51% | 2023-02-04 | 2024-11-21 |
| CVE-2023-0572 | Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. | [email protected] | 5.3 | 0.24% | 2023-01-29 | 2024-11-21 |
| CVE-2023-0566 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10. | [email protected] | 6.2 | 0.30% | 2023-01-29 | 2024-11-21 |
| CVE-2023-0565 | Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. | [email protected] | 5.5 | 0.21% | 2023-01-29 | 2024-11-21 |
| CVE-2023-0564 | Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | [email protected] | 5.4 | 0.18% | 2023-01-29 | 2024-11-21 |
| CVE-2023-0316 | Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0. | [email protected] | 5.5 | 0.27% | 2023-01-16 | 2024-11-21 |
| CVE-2023-0315 | Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | [email protected] | 8.8 | 89.13% | 2023-01-16 | 2024-11-21 |
| CVE-2022-4868 | Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | [email protected] | 4.3 | 0.24% | 2022-12-31 | 2024-11-21 |
| CVE-2022-4867 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | [email protected] | 4.3 | 0.15% | 2022-12-31 | 2024-11-21 |
| CVE-2022-4864 | Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | [email protected] | 5.4 | 0.30% | 2022-12-30 | 2024-11-21 |
| CVE-2022-3869 | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | [email protected] | 6.1 | 14.86% | 2022-11-05 | 2024-11-21 |
| CVE-2022-3721 | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | [email protected] | 4.6 | 0.39% | 2022-11-04 | 2025-05-02 |
| CVE-2022-3017 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | [email protected] | 6.5 | 0.05% | 2022-08-28 | 2024-11-21 |
| CVE-2020-29653 | Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. | [email protected] | 6.1 | 0.33% | 2022-04-13 | 2024-11-21 |
| CVE-2020-28957 | Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Froxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields. | [email protected] | 5.4 | 0.19% | 2021-10-22 | 2024-11-21 |
| CVE-2021-42325 | Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. | [email protected] | 9.8 | 5.52% | 2021-10-12 | 2024-11-21 |