Vulnerabilites related to froxlor - froxlor/froxlor
cve-2023-1033
Vulnerability from cvelistv5
Published
2023-02-25 00:00
Modified
2025-03-11 15:37
Severity ?
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:32:46.218Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1033", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T15:36:54.677450Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T15:37:34.913Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-25T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387", }, { url: "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950", }, ], source: { advisory: "ba3cd929-8b60-4d8d-b77d-f28409ecf387", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-1033", datePublished: "2023-02-25T00:00:00.000Z", dateReserved: "2023-02-25T00:00:00.000Z", dateUpdated: "2025-03-11T15:37:34.913Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0565
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:45
Severity ?
EPSS score ?
Summary
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:49.946Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0565", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:45:44.542501Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:45:51.454Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-840", description: "CWE-840 Business Logic Errors", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:09:52.721Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102", }, { url: "https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", }, ], source: { advisory: "12d78294-1723-4450-a239-023952666102", discovery: "EXTERNAL", }, title: "Business Logic Errors in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0565", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:45:51.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-1307
Vulnerability from cvelistv5
Published
2023-03-10 00:00
Modified
2025-02-28 17:06
Severity ?
EPSS score ?
Summary
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:40:59.799Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1307", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T17:05:24.223544Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T17:06:06.135Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.13", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-305", description: "CWE-305 Authentication Bypass by Primary Weakness", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-10T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1", }, { url: "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23", }, ], source: { advisory: "5fe85af4-a667-41a9-a00d-f99e07c5e2f1", discovery: "EXTERNAL", }, title: "Authentication Bypass by Primary Weakness in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-1307", datePublished: "2023-03-10T00:00:00.000Z", dateReserved: "2023-03-10T00:00:00.000Z", dateUpdated: "2025-02-28T17:06:06.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3173
Vulnerability from cvelistv5
Published
2023-06-09 00:00
Modified
2025-01-06 17:11
Severity ?
EPSS score ?
Summary
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.20 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:48:07.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3173", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-06T17:11:52.944889Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-06T17:11:57.332Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.20", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307 Improper Restriction of Excessive Authentication Attempts", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-09T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", }, { url: "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", }, ], source: { advisory: "4d715f76-950d-4251-8139-3dffea798f14", discovery: "EXTERNAL", }, title: "Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-3173", datePublished: "2023-06-09T00:00:00", dateReserved: "2023-06-09T00:00:00", dateUpdated: "2025-01-06T17:11:57.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0564
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:46
Severity ?
EPSS score ?
Summary
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0564", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:46:07.580244Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:46:16.878Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-521", description: "CWE-521 Weak Password Requirements", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:09:35.132Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", }, { url: "https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", }, ], source: { advisory: "a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", discovery: "EXTERNAL", }, title: "Weak Password Requirements in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0564", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:46:16.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0572
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:42
Severity ?
EPSS score ?
Summary
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:49.994Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0572", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:42:38.029869Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:42:50.200Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-391", description: "CWE-391 Unchecked Error Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:10:34.390Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec", }, { url: "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1", }, ], source: { advisory: "4ab24ee2-3ff6-4248-9555-0af3e5f754ec", discovery: "EXTERNAL", }, title: "Unchecked Error Condition in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0572", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:42:50.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0315
Vulnerability from cvelistv5
Published
2023-01-16 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:55.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.8", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-06T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943", }, { url: "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a", }, { url: "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html", }, { url: "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html", }, ], source: { advisory: "ff4e177b-ba48-4913-bbfa-ab8ce0db5943", discovery: "EXTERNAL", }, title: "Command Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0315", datePublished: "2023-01-16T00:00:00", dateReserved: "2023-01-16T00:00:00", dateUpdated: "2024-08-02T05:10:55.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4868
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Severity ?
EPSS score ?
Summary
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.0-beta1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.0-beta1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-31T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b", }, { url: "https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d", }, ], source: { advisory: "3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b", discovery: "EXTERNAL", }, title: "Improper Authorization in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4868", datePublished: "2022-12-31T00:00:00", dateReserved: "2022-12-31T00:00:00", dateUpdated: "2024-08-03T01:55:46.092Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4867
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Severity ?
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.0-beta1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.058Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.0-beta1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-31T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa", }, { url: "https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d", }, ], source: { advisory: "c91364dd-9ead-4bf3-96e6-663a017e08fa", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4867", datePublished: "2022-12-31T00:00:00", dateReserved: "2022-12-31T00:00:00", dateUpdated: "2024-08-03T01:55:46.058Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3172
Vulnerability from cvelistv5
Published
2023-06-09 00:00
Modified
2025-01-06 17:12
Severity ?
EPSS score ?
Summary
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.20 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:48:07.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3172", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-06T17:12:19.422769Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-06T17:12:23.267Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.20", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-09T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e", }, { url: "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e", }, ], source: { advisory: "e50966cd-9222-46b9-aedc-1feb3f2a0b0e", discovery: "EXTERNAL", }, title: "Path Traversal in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-3172", datePublished: "2023-06-09T00:00:00", dateReserved: "2023-06-09T00:00:00", dateUpdated: "2025-01-06T17:12:23.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3017
Vulnerability from cvelistv5
Published
2022-08-28 13:50
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0 | x_refsource_CONFIRM | |
| https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 0.10.38 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:53:00.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "0.10.38", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-28T13:50:08", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, ], source: { advisory: "5250c4b1-132b-4da6-9bd6-db36cb56bea0", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in froxlor/froxlor", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@huntr.dev", ID: "CVE-2022-3017", STATE: "PUBLIC", TITLE: "Cross-Site Request Forgery (CSRF) in froxlor/froxlor", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "froxlor/froxlor", version: { version_data: [ { version_affected: "<", version_value: "0.10.38", }, ], }, }, ], }, vendor_name: "froxlor", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-352 Cross-Site Request Forgery (CSRF)", }, ], }, ], }, references: { reference_data: [ { name: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", refsource: "CONFIRM", url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, { name: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", refsource: "MISC", url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, ], }, source: { advisory: "5250c4b1-132b-4da6-9bd6-db36cb56bea0", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-3017", datePublished: "2022-08-28T13:50:08", dateReserved: "2022-08-27T00:00:00", dateUpdated: "2024-08-03T00:53:00.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4864
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 01:55
Severity ?
EPSS score ?
Summary
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.0-beta1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.077Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.0-beta1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-88", description: "CWE-88 Improper Neutralization of Argument Delimiters in a Command", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-30T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b", }, { url: "https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", }, ], source: { advisory: "b7140709-8f84-4f19-9463-78669fa2175b", discovery: "EXTERNAL", }, title: " Argument Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4864", datePublished: "2022-12-30T00:00:00", dateReserved: "2022-12-30T00:00:00", dateUpdated: "2024-08-03T01:55:46.077Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2666
Vulnerability from cvelistv5
Published
2023-05-12 00:00
Modified
2025-01-24 15:59
Severity ?
EPSS score ?
Summary
Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.16 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:26:09.761Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-2666", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:58:44.251136Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-24T15:59:16.468Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.16", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-12T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", }, { url: "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", }, ], source: { advisory: "0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", discovery: "EXTERNAL", }, title: "Allocation of Resources Without Limits or Throttling in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-2666", datePublished: "2023-05-12T00:00:00.000Z", dateReserved: "2023-05-12T00:00:00.000Z", dateUpdated: "2025-01-24T15:59:16.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0671
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2025-03-25 20:12
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0671", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-25T20:12:38.586606Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-25T20:12:58.599Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-04T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de", }, { url: "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc", }, ], source: { advisory: "c2a84917-7ac0-4169-81c1-b61e617023de", discovery: "EXTERNAL", }, title: " Code Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0671", datePublished: "2023-02-04T00:00:00.000Z", dateReserved: "2023-02-04T00:00:00.000Z", dateUpdated: "2025-03-25T20:12:58.599Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0566
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:44
Severity ?
EPSS score ?
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:49.902Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0566", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:44:01.335100Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:44:12.607Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:10:12.217Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49", }, { url: "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876", }, ], source: { advisory: "8339e4f1-d430-4845-81b5-36dd9fcdac49", discovery: "EXTERNAL", }, title: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0566", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:44:12.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2034
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2025-02-06 21:01
Severity ?
EPSS score ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:12:19.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-2034", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T21:01:22.694728Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T21:01:27.259Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.14", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-14T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", }, { url: "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", }, ], source: { advisory: "aba6beaa-570e-4523-8128-da4d8e374ef6", discovery: "EXTERNAL", }, title: "Unrestricted Upload of File with Dangerous Type in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-2034", datePublished: "2023-04-14T00:00:00.000Z", dateReserved: "2023-04-14T00:00:00.000Z", dateUpdated: "2025-02-06T21:01:27.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5564
Vulnerability from cvelistv5
Published
2023-10-13 00:00
Modified
2024-09-17 17:08
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.1.0-dev1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:59:44.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0-dev1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-5564", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T17:07:19.123189Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T17:08:03.569Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0-dev1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-13T00:00:19.626Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", }, { url: "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", }, ], source: { advisory: "9254d8f3-a847-4ae8-8477-d2ce027cff5c", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-5564", datePublished: "2023-10-13T00:00:19.626Z", dateReserved: "2023-10-13T00:00:06.686Z", dateUpdated: "2024-09-17T17:08:03.569Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6069
Vulnerability from cvelistv5
Published
2023-11-10 00:00
Modified
2024-08-02 08:21
Severity ?
EPSS score ?
Summary
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:21:17.449Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.</p>", }, ], value: "Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-16T21:10:57.491Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", }, { url: "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", }, ], source: { advisory: "aac0627e-e59d-476e-9385-edb7ff53758c", discovery: "EXTERNAL", }, title: "Improper Link Resolution Before File Access in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2023-6069", datePublished: "2023-11-10T00:00:32.765Z", dateReserved: "2023-11-10T00:00:12.624Z", dateUpdated: "2024-08-02T08:21:17.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3192
Vulnerability from cvelistv5
Published
2023-06-11 00:00
Modified
2025-01-06 17:04
Severity ?
EPSS score ?
Summary
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:48:08.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3192", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-06T17:04:10.411183Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-06T17:04:25.248Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-384", description: "CWE-384 Session Fixation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-11T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", }, { url: "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", }, ], source: { advisory: "f3644772-9c86-4f55-a0fa-aeb11f411551", discovery: "EXTERNAL", }, title: "Session Fixation in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-3192", datePublished: "2023-06-11T00:00:00", dateReserved: "2023-06-11T00:00:00", dateUpdated: "2025-01-06T17:04:25.248Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3721
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 0.10.39 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:57.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "0.10.39", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", }, { url: "https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c", }, ], source: { advisory: "a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", discovery: "EXTERNAL", }, title: " Code Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-3721", datePublished: "2022-11-04T00:00:00", dateReserved: "2022-10-27T00:00:00", dateUpdated: "2024-08-03T01:20:57.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0877
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2025-03-18 16:01
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:24:34.759Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0877", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-18T16:01:03.719123Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-18T16:01:15.779Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-17T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8", }, { url: "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984", }, ], source: { advisory: "b29cf038-06f1-4fb0-9437-08f2991f92a8", discovery: "EXTERNAL", }, title: " Code Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0877", datePublished: "2023-02-17T00:00:00.000Z", dateReserved: "2023-02-17T00:00:00.000Z", dateUpdated: "2025-03-18T16:01:15.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3668
Vulnerability from cvelistv5
Published
2023-07-14 00:00
Modified
2024-10-28 20:36
Severity ?
EPSS score ?
Summary
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:01:57.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.21", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-3668", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T20:31:42.683584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T20:36:00.527Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.21", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-116", description: "CWE-116 Improper Encoding or Escaping of Output", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-14T00:00:19.815Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", }, { url: "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", }, ], source: { advisory: "df8cccf4-a340-440e-a7e0-1b42e757d66e", discovery: "EXTERNAL", }, title: "Improper Encoding or Escaping of Output in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-3668", datePublished: "2023-07-14T00:00:19.815Z", dateReserved: "2023-07-14T00:00:06.988Z", dateUpdated: "2024-10-28T20:36:00.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4304
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-04 13:06
Severity ?
EPSS score ?
Summary
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.22,2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:24:04.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4304", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:04:29.535523Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T13:06:39.118Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.22,2.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.</p>", }, ], value: "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-840", description: "CWE-840 Business Logic Errors", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:13:29.779Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", }, { url: "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", }, ], source: { advisory: "59fe5037-b253-4b0f-be69-1d2e4af8b4a9", discovery: "EXTERNAL", }, title: "Business Logic Errors in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4304", datePublished: "2023-08-11T00:00:20.247Z", dateReserved: "2023-08-11T00:00:07.158Z", dateUpdated: "2024-10-04T13:06:39.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4829
Vulnerability from cvelistv5
Published
2023-10-13 12:24
Modified
2024-09-17 17:05
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.22 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:38:00.692Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.22", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-4829", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T17:04:26.707923Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T17:05:37.681Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.22", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-13T12:24:05.277Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", }, { url: "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", }, ], source: { advisory: "babd73ca-6c80-4145-8c7d-33a883fe606b", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4829", datePublished: "2023-10-13T12:24:05.277Z", dateReserved: "2023-09-08T00:00:07.307Z", dateUpdated: "2024-09-17T17:05:37.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3869
Vulnerability from cvelistv5
Published
2022-11-05 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 0.10.38.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:58.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "0.10.38.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-05T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", }, { url: "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", }, ], source: { advisory: "7de20f21-4a9b-445d-ae2b-15ade648900b", discovery: "EXTERNAL", }, title: " Code Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-3869", datePublished: "2022-11-05T00:00:00", dateReserved: "2022-11-05T00:00:00", dateUpdated: "2024-08-03T01:20:58.628Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0316
Vulnerability from cvelistv5
Published
2023-01-16 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| froxlor | froxlor/froxlor |
Version: unspecified < 2.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:55.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Path Traversal: '\\..\\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-29", description: "CWE-29 Path Traversal: '\\..\\filename'", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-16T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244", }, { url: "https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e", }, ], source: { advisory: "c190e42a-4806-47aa-aa1e-ff5d6407e244", discovery: "EXTERNAL", }, title: "Path Traversal: '\\..\\filename' in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0316", datePublished: "2023-01-16T00:00:00", dateReserved: "2023-01-16T00:00:00", dateUpdated: "2024-08-02T05:10:55.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }