Vulnerabilities related to froxlor - froxlor
cve-2023-1307
Vulnerability from cvelistv5
Published
2023-03-10 00:00
Modified
2025-02-28 17:06
Summary
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.13
cve-2023-0315
Vulnerability from cvelistv5
Published
2023-01-16 00:00
Modified
2024-08-02 05:10
Summary
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.8
cve-2018-1000527
Vulnerability from cvelistv5
Published
2018-06-26 16:00
Modified
2024-08-05 12:40
Summary
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed after commit c1e62e6.
References
URL | Tags
---|---
https://0dd.zone/2018/05/31/Froxlor-Object-Injection/ | x_refsource_MISC
https://github.com/Froxlor/Froxlor/issues/555 | x_refsource_MISC
cve-2023-3172
Vulnerability from cvelistv5
Published
2023-06-09 00:00
Modified
2025-01-06 17:12
Summary
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.20
cve-2023-0877
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2025-03-18 16:01
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.11
cve-2020-10235
Vulnerability from cvelistv5
Published
2020-03-09 15:04
Modified
2024-08-04 10:58
Summary
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
References
URL | Tags
---|---
https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207 | x_refsource_MISC
https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656 | x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=1165721 | x_refsource_MISC
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 | x_refsource_MISC
cve-2023-0316
Vulnerability from cvelistv5
Published
2023-01-16 00:00
Modified
2024-08-02 05:10
Summary
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.0
cve-2023-1033
Vulnerability from cvelistv5
Published
2023-02-25 00:00
Modified
2025-03-11 15:37
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.11
cve-2020-28957
Vulnerability from cvelistv5
Published
2021-10-22 19:20
Modified
2024-08-04 16:48
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Froxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
References
URL | Tags
---|---
https://www.vulnerability-lab.com/get_content.php?id=2241 | x_refsource_MISC
cve-2022-4868
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Summary
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.0-beta1
cve-2022-4867
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.0-beta1
cve-2023-50256
Vulnerability from cvelistv5
Published
2024-01-03 22:34
Modified
2024-08-02 22:16
Summary
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:16:46.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", }, { name: "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", }, { name: "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Froxlor", vendor: "Froxlor", versions: [ { status: "affected", version: "< 2.1.2", }, ], }, ], descriptions: [ { lang: "en", value: "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. 
Version 2.1.2 fixes this issue.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-03T22:34:47.447Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", }, { name: "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", tags: [ "x_refsource_MISC", ], url: "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", }, { name: "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", tags: [ "x_refsource_MISC", ], url: "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", }, ], source: { advisory: "GHSA-625g-fm5w-w7w4", discovery: "UNKNOWN", }, title: "Froxlor username/surname AND company field Bypass", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-50256", datePublished: "2024-01-03T22:34:47.447Z", dateReserved: "2023-12-05T20:42:59.378Z", dateUpdated: "2024-08-02T22:16:46.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4864
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 01:55
Summary
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.0-beta1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.077Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.0-beta1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-88", description: "CWE-88 Improper Neutralization of Argument Delimiters in a Command", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-30T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b", }, { url: "https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", }, ], source: { advisory: "b7140709-8f84-4f19-9463-78669fa2175b", discovery: "EXTERNAL", }, title: " Argument Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4864", datePublished: "2022-12-30T00:00:00", dateReserved: "2022-12-30T00:00:00", dateUpdated: "2024-08-03T01:55:46.077Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0566
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:44
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.10
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:49.902Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0566", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:44:01.335100Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:44:12.607Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:10:12.217Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49", }, { url: "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876", }, ], source: { advisory: "8339e4f1-d430-4845-81b5-36dd9fcdac49", discovery: "EXTERNAL", }, title: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0566", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:44:12.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2034
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2025-02-06 21:01
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.14
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:12:19.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-2034", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T21:01:22.694728Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T21:01:27.259Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.14", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-14T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", }, { url: 
"https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", }, ], source: { advisory: "aba6beaa-570e-4523-8128-da4d8e374ef6", discovery: "EXTERNAL", }, title: "Unrestricted Upload of File with Dangerous Type in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-2034", datePublished: "2023-04-14T00:00:00.000Z", dateReserved: "2023-04-14T00:00:00.000Z", dateUpdated: "2025-02-06T21:01:27.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-29773
Vulnerability from cvelistv5
Published
2025-03-13 17:07
Modified
2025-03-13 18:30
Summary
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.
References
URL | Tags
---|---
https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f | x_refsource_CONFIRM
https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623 | x_refsource_MISC
https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ | x_refsource_MISC
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-29773", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-13T18:30:51.821664Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-13T18:30:56.388Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Froxlor", vendor: "froxlor", versions: [ { status: "affected", version: "< 2.2.6", }, ], }, ], descriptions: [ { lang: "en", value: "Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. 
Version 2.2.6 fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287: Improper Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T17:07:28.515Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f", }, { name: "https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623", tags: [ "x_refsource_MISC", ], url: "https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623", }, { name: "https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ", tags: [ "x_refsource_MISC", ], url: "https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ", }, ], source: { advisory: "GHSA-7j6w-p859-464f", discovery: "UNKNOWN", }, title: "Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-29773", datePublished: "2025-03-13T17:07:28.515Z", dateReserved: "2025-03-11T14:23:00.474Z", dateUpdated: "2025-03-13T18:30:56.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3721
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 01:20
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 0.10.39
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:57.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "0.10.39", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", }, { url: "https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c", }, ], source: { advisory: "a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", discovery: "EXTERNAL", }, title: " Code Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-3721", datePublished: "2022-11-04T00:00:00", dateReserved: "2022-10-27T00:00:00", dateUpdated: "2024-08-03T01:20:57.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", 
dataVersion: "5.1", }
cve-2023-0565
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:45
Summary
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.10
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:49.946Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0565", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:45:44.542501Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:45:51.454Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: 
"en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-840", description: "CWE-840 Business Logic Errors", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:09:52.721Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102", }, { url: "https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", }, ], source: { advisory: "12d78294-1723-4450-a239-023952666102", discovery: "EXTERNAL", }, title: "Business Logic Errors in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0565", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:45:51.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3173
Vulnerability from cvelistv5
Published
2023-06-09 00:00
Modified
2025-01-06 17:11
Summary
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.20
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:48:07.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3173", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-06T17:11:52.944889Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-06T17:11:57.332Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.20", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307 Improper Restriction of Excessive Authentication Attempts", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-09T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", }, { url: 
"https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", }, ], source: { advisory: "4d715f76-950d-4251-8139-3dffea798f14", discovery: "EXTERNAL", }, title: "Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-3173", datePublished: "2023-06-09T00:00:00", dateReserved: "2023-06-09T00:00:00", dateUpdated: "2025-01-06T17:11:57.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0572
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:42
Summary
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
Vendor | Product | Version
---|---|---
froxlor | froxlor/froxlor | unspecified < 2.0.10
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:49.994Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0572", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:42:38.029869Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:42:50.200Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { 
lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-391", description: "CWE-391 Unchecked Error Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:10:34.390Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec", }, { url: "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1", }, ], source: { advisory: "4ab24ee2-3ff6-4248-9555-0af3e5f754ec", discovery: "EXTERNAL", }, title: "Unchecked Error Condition in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0572", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:42:50.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42325
Vulnerability from cvelistv5
Published
2021-10-12 19:01
Modified
2024-08-04 03:30
Summary
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
References
URL | Tags
---|---
https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782 | x_refsource_MISC
http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html | x_refsource_MISC
https://www.exploit-db.com/exploits/50502 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.exploit-db.com/exploits/50502", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-09T22:34:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.exploit-db.com/exploits/50502", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-42325", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.", }, ], }, problemtype: { 
problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782", refsource: "MISC", url: "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782", }, { name: "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html", }, { name: "https://www.exploit-db.com/exploits/50502", refsource: "MISC", url: "https://www.exploit-db.com/exploits/50502", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-42325", datePublished: "2021-10-12T19:01:48", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.299Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5100
Vulnerability from cvelistv5
Published
2017-02-13 18:00
Modified
2024-08-06 00:53
Summary
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
References
URL | Tags |
---|---|
https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:53:47.285Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-28T00:00:00", descriptions: [ { lang: "en", value: "Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-13T17:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5100", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba", refsource: "CONFIRM", url: 
"https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-5100", datePublished: "2017-02-13T18:00:00", dateReserved: "2016-05-26T00:00:00", dateUpdated: "2024-08-06T00:53:47.285Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2666
Vulnerability from cvelistv5
Published
2023-05-12 00:00
Modified
2025-01-24 15:59
Summary
Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.0.16 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:26:09.761Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-2666", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:58:44.251136Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-24T15:59:16.468Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.16", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-12T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", }, { url: 
"https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", }, ], source: { advisory: "0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", discovery: "EXTERNAL", }, title: "Allocation of Resources Without Limits or Throttling in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-2666", datePublished: "2023-05-12T00:00:00.000Z", dateReserved: "2023-05-12T00:00:00.000Z", dateUpdated: "2025-01-24T15:59:16.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5959
Vulnerability from cvelistv5
Published
2017-09-06 21:00
Modified
2024-08-06 07:06
Summary
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/76097 | vdb-entry, x_refsource_BID |
https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92 | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2015/08/07/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:06:35.098Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "76097", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/76097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92", }, { name: "[oss-security] 20150807 Re: CVE request: Froxlor - information leak", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/08/07/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-07-29T00:00:00", descriptions: [ { lang: "en", value: "Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-06T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "76097", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/76097", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92", }, { name: "[oss-security] 20150807 Re: CVE request: Froxlor - information leak", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/08/07/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-5959", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, 
], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "76097", refsource: "BID", url: "http://www.securityfocus.com/bid/76097", }, { name: "https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92", refsource: "CONFIRM", url: "https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92", }, { name: "[oss-security] 20150807 Re: CVE request: Froxlor - information leak", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/08/07/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-5959", datePublished: "2017-09-06T21:00:00", dateReserved: "2015-08-07T00:00:00", dateUpdated: "2024-08-06T07:06:35.098Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10236
Vulnerability from cvelistv5
Published
2020-03-09 15:04
Modified
2024-08-04 10:58
Summary
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
References
URL | Tags |
---|---|
https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14 | x_refsource_MISC |
https://bugzilla.suse.com/show_bug.cgi?id=1165718 | x_refsource_MISC |
https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:58:40.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165718", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-09T15:04:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165718", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10236", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", 
description: { description_data: [ { lang: "eng", value: "An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", refsource: "MISC", url: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1165718", refsource: "MISC", url: "https://bugzilla.suse.com/show_bug.cgi?id=1165718", }, { name: "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5", refsource: "MISC", url: "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10236", datePublished: "2020-03-09T15:04:23", dateReserved: "2020-03-09T00:00:00", dateUpdated: "2024-08-04T10:58:40.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34070
Vulnerability from cvelistv5
Published
2024-05-10 15:21
Modified
2024-08-02 02:42
Summary
Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.
References
URL | Tags |
---|---|
https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53 | x_refsource_CONFIRM |
https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:froxlor:froxlor:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.9", status: "affected", version: "2.1.9*", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34070", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T20:22:17.320471Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:42:49.031Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.890Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53", }, { name: "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Froxlor", vendor: "froxlor", versions: [ { status: "affected", version: "< 2.1.9", }, ], }, ], descriptions: [ { lang: "en", value: "Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. 
By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.7, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-80", description: "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T15:21:37.883Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53", }, { name: "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6", tags: [ "x_refsource_MISC", ], url: "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6", }, ], source: { advisory: "GHSA-x525-54hf-xr53", discovery: "UNKNOWN", }, title: "Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-34070", 
datePublished: "2024-05-10T15:21:37.883Z", dateReserved: "2024-04-30T06:56:33.381Z", dateUpdated: "2024-08-02T02:42:59.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-12642
Vulnerability from cvelistv5
Published
2018-06-22 12:00
Modified
2024-09-16 20:13
Summary
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.
References
URL | Tags |
---|---|
https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T08:38:06.406Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-22T12:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-12642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", refsource: "MISC", url: "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-12642", datePublished: 
"2018-06-22T12:00:00Z", dateReserved: "2018-06-22T00:00:00Z", dateUpdated: "2024-09-16T20:13:10.785Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4829
Vulnerability from cvelistv5
Published
2023-10-13 12:24
Modified
2024-09-17 17:05
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.0.22 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:38:00.692Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.22", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-4829", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T17:04:26.707923Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T17:05:37.681Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.22", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], 
providerMetadata: { dateUpdated: "2023-10-13T12:24:05.277Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", }, { url: "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", }, ], source: { advisory: "babd73ca-6c80-4145-8c7d-33a883fe606b", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4829", datePublished: "2023-10-13T12:24:05.277Z", dateReserved: "2023-09-08T00:00:07.307Z", dateUpdated: "2024-09-17T17:05:37.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3869
Vulnerability from cvelistv5
Published
2022-11-05 00:00
Modified
2024-08-03 01:20
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 0.10.38.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:58.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "0.10.38.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-05T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", }, { url: "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", }, ], source: { advisory: "7de20f21-4a9b-445d-ae2b-15ade648900b", discovery: "EXTERNAL", }, title: " Code Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-3869", datePublished: "2022-11-05T00:00:00", dateReserved: "2022-11-05T00:00:00", dateUpdated: "2024-08-03T01:20:58.628Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", 
dataVersion: "5.1", }
cve-2020-10237
Vulnerability from cvelistv5
Published
2020-03-09 15:04
Modified
2024-08-04 10:58
Summary
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
References
URL | Tags |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1165719 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:58:39.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165719", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-09T15:04:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165719", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10237", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. 
A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.suse.com/show_bug.cgi?id=1165719", refsource: "MISC", url: "https://bugzilla.suse.com/show_bug.cgi?id=1165719", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10237", datePublished: "2020-03-09T15:04:32", dateReserved: "2020-03-09T00:00:00", dateUpdated: "2024-08-04T10:58:39.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0564
Vulnerability from cvelistv5
Published
2023-01-29 00:00
Modified
2025-03-28 15:46
Summary
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.0.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0564", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T15:46:07.580244Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T15:46:16.878Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.</p>", }, ], value: "Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { 
lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-521", description: "CWE-521 Weak Password Requirements", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:09:35.132Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", }, { url: "https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", }, ], source: { advisory: "a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", discovery: "EXTERNAL", }, title: "Weak Password Requirements in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0564", datePublished: "2023-01-29T00:00:00.000Z", dateReserved: "2023-01-29T00:00:00.000Z", dateUpdated: "2025-03-28T15:46:16.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3017
Vulnerability from cvelistv5
Published
2022-08-28 13:50
Modified
2024-08-03 00:53
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
References
URL | Tags |
---|---|
https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0 | x_refsource_CONFIRM |
https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 0.10.38 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:53:00.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "0.10.38", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-28T13:50:08", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, ], source: { advisory: "5250c4b1-132b-4da6-9bd6-db36cb56bea0", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in froxlor/froxlor", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@huntr.dev", ID: "CVE-2022-3017", STATE: "PUBLIC", TITLE: "Cross-Site Request Forgery (CSRF) in 
froxlor/froxlor", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "froxlor/froxlor", version: { version_data: [ { version_affected: "<", version_value: "0.10.38", }, ], }, }, ], }, vendor_name: "froxlor", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-352 Cross-Site Request Forgery (CSRF)", }, ], }, ], }, references: { reference_data: [ { name: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", refsource: "CONFIRM", url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, { name: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", refsource: "MISC", url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, ], }, source: { advisory: "5250c4b1-132b-4da6-9bd6-db36cb56bea0", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-3017", datePublished: "2022-08-28T13:50:08", dateReserved: "2022-08-27T00:00:00", dateUpdated: "2024-08-03T00:53:00.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0671
Vulnerability from cvelistv5
Published
2023-02-04 00:00
Modified
2025-03-25 20:12
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.0.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0671", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-25T20:12:38.586606Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-25T20:12:58.599Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.10", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-04T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de", }, { url: "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc", 
}, ], source: { advisory: "c2a84917-7ac0-4169-81c1-b61e617023de", discovery: "EXTERNAL", }, title: " Code Injection in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0671", datePublished: "2023-02-04T00:00:00.000Z", dateReserved: "2023-02-04T00:00:00.000Z", dateUpdated: "2025-03-25T20:12:58.599Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5564
Vulnerability from cvelistv5
Published
2023-10-13 00:00
Modified
2024-09-17 17:08
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.1.0-dev1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:59:44.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0-dev1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-5564", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T17:07:19.123189Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T17:08:03.569Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0-dev1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], 
providerMetadata: { dateUpdated: "2023-10-13T00:00:19.626Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", }, { url: "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", }, ], source: { advisory: "9254d8f3-a847-4ae8-8477-d2ce027cff5c", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-5564", datePublished: "2023-10-13T00:00:19.626Z", dateReserved: "2023-10-13T00:00:06.686Z", dateUpdated: "2024-09-17T17:08:03.569Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6069
Vulnerability from cvelistv5
Published
2023-11-10 00:00
Modified
2024-08-02 08:21
Summary
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:21:17.449Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.</p>", }, ], value: "Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-16T21:10:57.491Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", }, { url: "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", }, ], source: { advisory: "aac0627e-e59d-476e-9385-edb7ff53758c", discovery: "EXTERNAL", }, title: "Improper 
Link Resolution Before File Access in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2023-6069", datePublished: "2023-11-10T00:00:32.765Z", dateReserved: "2023-11-10T00:00:12.624Z", dateUpdated: "2024-08-02T08:21:17.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3192
Vulnerability from cvelistv5
Published
2023-06-11 00:00
Modified
2025-01-06 17:04
Summary
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:48:08.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3192", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-06T17:04:10.411183Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-06T17:04:25.248Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-384", description: "CWE-384 Session Fixation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-11T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", }, { url: "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", }, ], source: { 
advisory: "f3644772-9c86-4f55-a0fa-aeb11f411551", discovery: "EXTERNAL", }, title: "Session Fixation in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-3192", datePublished: "2023-06-11T00:00:00", dateReserved: "2023-06-11T00:00:00", dateUpdated: "2025-01-06T17:04:25.248Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3668
Vulnerability from cvelistv5
Published
2023-07-14 00:00
Modified
2024-10-28 20:36
Summary
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.0.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:01:57.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.21", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-3668", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T20:31:42.683584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T20:36:00.527Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.21", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-116", description: "CWE-116 Improper Encoding or Escaping of Output", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: 
"2023-07-14T00:00:19.815Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", }, { url: "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", }, ], source: { advisory: "df8cccf4-a340-440e-a7e0-1b42e757d66e", discovery: "EXTERNAL", }, title: "Improper Encoding or Escaping of Output in froxlor/froxlor", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-3668", datePublished: "2023-07-14T00:00:19.815Z", dateReserved: "2023-07-14T00:00:06.988Z", dateUpdated: "2024-10-28T20:36:00.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29653
Vulnerability from cvelistv5
Published
2022-04-13 12:02
Modified
2024-08-04 16:55
Summary
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
References
URL | Tags |
---|---|
https://github.com/Froxlor/Froxlor/commits/master | x_refsource_MISC |
https://github.com/Froxlor/Froxlor/security/advisories | x_refsource_MISC |
https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.668Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/commits/master", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Froxlor/Froxlor/security/advisories", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-13T12:02:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/Froxlor/Froxlor/commits/master", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/Froxlor/Froxlor/security/advisories", }, { tags: [ "x_refsource_MISC", ], url: "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-29653", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Froxlor through 0.10.22 does not perform validation on user input passed in the 
customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Froxlor/Froxlor/commits/master", refsource: "MISC", url: "https://github.com/Froxlor/Froxlor/commits/master", }, { name: "https://github.com/Froxlor/Froxlor/security/advisories", refsource: "MISC", url: "https://github.com/Froxlor/Froxlor/security/advisories", }, { name: "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/", refsource: "MISC", url: "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29653", datePublished: "2022-04-13T12:02:10", dateReserved: "2020-12-09T00:00:00", dateUpdated: "2024-08-04T16:55:10.668Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4304
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-04 13:06
Summary
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
References
Impacted products
Vendor | Product | Version |
---|---|---|
froxlor | froxlor/froxlor | unspecified < 2.0.22,2.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:24:04.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", }, { tags: [ "x_transferred", ], url: "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4304", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:04:29.535523Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T13:06:39.118Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "froxlor/froxlor", vendor: "froxlor", versions: [ { lessThan: "2.0.22,2.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ahmed Hassan (ahmedvienna)", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Josef Hassan (josefjku)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.</p>", }, ], value: "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", 
scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-840", description: "CWE-840 Business Logic Errors", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T10:13:29.779Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", }, { url: "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", }, ], source: { advisory: "59fe5037-b253-4b0f-be69-1d2e4af8b4a9", discovery: "EXTERNAL", }, title: "Business Logic Errors in froxlor/froxlor", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4304", datePublished: "2023-08-11T00:00:20.247Z", dateReserved: "2023-08-11T00:00:07.158Z", dateUpdated: "2024-10-04T13:06:39.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-06-09 02:15
Modified
2024-11-21 08:16
Summary
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "7FE0153D-83B4-43BA-A1F8-D90020C9B465", versionEndExcluding: "2.0.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.", }, { lang: "es", value: "Restricción inapropiada de intentos de autenticación excesivos en el repositorio froxlor de GitHub en versiones anteriores a 2.0.20.", }, ], id: "CVE-2023-3173", lastModified: "2024-11-21T08:16:37.493", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-09T02:15:09.233", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], 
url: "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-307", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-307", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 13:15
Modified
2024-11-21 07:20
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
References
Source | URL | Tags |
---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c | Patch, Third Party Advisory |
security@huntr.dev | https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a | Permissions Required, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c | Patch, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a | Permissions Required, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "78B1E41B-97A1-4708-B7BC-3F73C5D91639", versionEndExcluding: "0.10.39", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.", }, { lang: "es", value: "Inyección de código en el repositorio de GitHub froxlor/froxlor anterior a la versión 0.10.39.", }, ], id: "CVE-2022-3721", lastModified: "2024-11-21T07:20:06.387", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T13:15:10.400", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c", }, { source: "security@huntr.dev", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-13 17:15
Modified
2025-04-03 18:25
Severity
5.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "E8C84957-A9D2-404A-9A78-055653742C5E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.", }, { lang: "es", value: "Froxlor es un software de administración de servidores de código abierto. Una vulnerabilidad en versiones anteriores a la 2.2.6 permite a los usuarios (como revendedores o clientes) crear cuentas con la misma dirección de correo electrónico que una cuenta existente. Esto genera posibles problemas de identificación y seguridad de la cuenta. Esta vulnerabilidad puede ser explotada por usuarios autenticados (por ejemplo, revendedores o clientes) que pueden crear cuentas con la misma dirección de correo electrónico que ya ha sido utilizada por otra cuenta, como la del administrador. El vector de ataque se basa en el correo electrónico, ya que el sistema no impide que varias cuentas registren la misma dirección de correo electrónico, lo que puede generar conflictos y problemas de seguridad. 
La versión 2.2.6 corrige el problema.", }, ], id: "CVE-2025-29773", lastModified: "2025-04-03T18:25:43.613", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-13T17:15:37.833", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f", }, { source: "security-advisories@github.com", tags: [ "Exploit", ], url: "https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, 
], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-09 01:15
Modified
2024-11-21 08:16
Severity ?
Summary
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "7FE0153D-83B4-43BA-A1F8-D90020C9B465", versionEndExcluding: "2.0.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.", }, { lang: "es", value: "Salto de ruta en el repositorio de GitHub de froxlor/froxlor anterior a 2.0.20.", }, ], id: "CVE-2023-3172", lastModified: "2024-11-21T08:16:37.370", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-09T01:15:30.237", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e", }, { source: "security@huntr.dev", tags: [ "Exploit", ], url: "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-09 16:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1165719 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1165719 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "8D427FF0-D947-4A5E-8839-42B7DD896D58", versionEndIncluding: "0.10.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.", }, { lang: "es", value: "Se detectó un problema en Froxlor versiones hasta 0.10.15. El instalador escribió los parámetros de configuración, incluyendo las contraseñas en los archivos en /tmp, estableciendo los permisos apropiados solo después de escribir los datos confidenciales. Un atacante local podría haber revelado la información si lee el archivo en el momento correcto, debido a la función _createUserdataConf en la biblioteca install/lib/class.FroxlorInstall.php.", }, ], id: "CVE-2020-10237", lastModified: "2024-11-21T04:55:01.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", 
userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-09T16:15:12.217", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165719", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165719", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-05 14:15
Modified
2024-11-21 07:20
Severity ?
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "55150ADE-E8D1-405B-BE7D-265A2BFDDFAD", versionEndExcluding: "0.10.38.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.", }, { lang: "es", value: "Inyección de Código en el repositorio de GitHub froxlor/froxlor anterior a 0.10.38.2.", }, ], id: "CVE-2022-3869", lastModified: "2024-11-21T07:20:24.220", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-05T14:15:09.580", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-09 16:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "CE490F89-9E33-449D-B856-70E57CFE5905", versionEndExcluding: "0.10.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.", }, { lang: "es", value: "Se detectó un problema en Froxlor versiones anteriores a 0.10.14. Los atacantes remotos con acceso a la rutina de instalación podrían haber ejecutado código arbitrario por medio de las opciones de configuración de la base de datos que fueron pasadas sin escape a exec, debido a la función _backupExistingDatabase en la biblioteca install/lib/class.FroxlorInstall.php.", }, ], id: "CVE-2020-10235", lastModified: "2024-11-21T04:55:01.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, 
impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-09T16:15:12.047", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165721", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/62ce21c9ec393f9962515c88f0c489ace42bf656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/7e361274c5bf687b6a42dd1871f6d75506c5d207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-03 23:15
Modified
2024-11-21 08:36
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "474D793F-0B1C-43DC-979C-29B4A48045FE", versionEndExcluding: "2.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.\n", }, { lang: "es", value: "Froxlor es un software de administración de servidores de código abierto. Antes de la versión 2.1.2, era posible enviar el formulario de registro con los campos esenciales, como el username y la password, dejados intencionalmente en blanco. Esta omisión inadvertida permitió omitir los requisitos de campo obligatorios (por ejemplo, apellido, nombre de la empresa) establecidos por el sistema. 
La versión 2.1.2 soluciona este problema.", }, ], id: "CVE-2023-50256", lastModified: "2024-11-21T08:36:45.770", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-03T23:15:08.517", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", }, { source: "security-advisories@github.com", tags: [ "Exploit", ], url: "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], 
url: "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-29 01:15
Modified
2024-11-21 07:37
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "AF26BD0E-694F-48CD-96F2-7E9FE8C46966", versionEndExcluding: "2.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, { lang: "es", value: "Requisitos de contraseña débiles en el repositorio de GitHub froxlor/froxlor anterior a 2.0.10.", }, ], id: "CVE-2023-0564", lastModified: "2024-11-21T07:37:24.620", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-29T01:15:08.773", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-521", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-29 22:15
Modified
2024-11-21 07:37
Severity
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "AF26BD0E-694F-48CD-96F2-7E9FE8C46966", versionEndExcluding: "2.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, { lang: "es", value: "Errores de lógica empresarial en el repositorio de GitHub froxlor/froxlor anterior a 2.0.10.", }, ], id: "CVE-2023-0565", lastModified: "2024-11-21T07:37:24.717", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-29T22:15:08.857", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-840", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-16 01:15
Modified
2024-11-21 07:36
Severity ?
Summary
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "B3FD93C1-22AA-485F-A722-1F50167398D5", versionEndExcluding: "2.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.", }, { lang: "es", value: "Inyección de comandos en el repositorio de GitHub froxlor/froxlor anterior a 2.0.8.", }, ], id: "CVE-2023-0315", lastModified: "2024-11-21T07:36:57.423", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-16T01:15:08.937", references: [ { source: "security@huntr.dev", url: "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html", }, { source: "security@huntr.dev", url: "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html", }, { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a", }, { source: "security@huntr.dev", 
tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-16 01:15
Modified
2024-11-21 07:36
Summary
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "9A3D0E3C-79A7-4CC2-9CFD-0C2196523F25", versionEndExcluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Path Traversal: '\\..\\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.", }, { lang: "es", value: "path traversal: '\\..\\filename' en el repositorio de GitHub froxlor/froxlor anterior a 2.0.0.", }, ], id: "CVE-2023-0316", lastModified: "2024-11-21T07:36:57.540", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-16T01:15:09.200", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-29", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-13 13:15
Modified
2024-11-21 05:24
Summary
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Froxlor/Froxlor/commits/master | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/Froxlor/Froxlor/security/advisories | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Froxlor/Froxlor/commits/master | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Froxlor/Froxlor/security/advisories | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/ | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE05F66-056D-449E-BED0-069F8B9B16D6", versionEndIncluding: "0.10.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.", }, { lang: "es", value: "Froxlor versiones hasta 0.10.22, no lleva a cabo una comprobación de las entradas del usuario pasadas en el parámetro GET de customermail. El valor de este parámetro es reflejado en la página web de inicio de sesión, permitiendo una inyección de etiquetas HTML arbitrarias", }, ], id: "CVE-2020-29653", lastModified: "2024-11-21T05:24:21.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-13T13:15:07.597", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party 
Advisory", ], url: "https://github.com/Froxlor/Froxlor/commits/master", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/security/advisories", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/commits/master", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/security/advisories", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-26 16:29
Modified
2024-11-21 03:40
Summary
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed after commit c1e62e6.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://0dd.zone/2018/05/31/Froxlor-Object-Injection/ | Third Party Advisory | |
cve@mitre.org | https://github.com/Froxlor/Froxlor/issues/555 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://0dd.zone/2018/05/31/Froxlor-Object-Injection/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Froxlor/Froxlor/issues/555 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "7BDEE295-B7DC-440B-851A-E63FD81F79A8", versionEndIncluding: "0.9.39.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6.", }, { lang: "es", value: "Froxlor en versiones iguales o anteriores a la 0.9.39.5 contiene una vulnerabilidad de inyección de objetos PHP en el nombre del dominio que puede resultar en una divulgación de información y en la ejecución remota de código. El ataque parece ser explotable pasando objetos PHP maliciosos en $_POST['ssl_ipandport']. La vulnerabilidad parece haber sido solucionada tras el commit con ID c1e62e6.", }, ], id: "CVE-2018-1000527", lastModified: "2024-11-21T03:40:07.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-26T16:29:01.663", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://0dd.zone/2018/05/31/Froxlor-Object-Injection/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/issues/555", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://0dd.zone/2018/05/31/Froxlor-Object-Injection/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/issues/555", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-06 21:29
Modified
2024-11-21 02:34
Summary
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/08/07/2 | Mailing List | |
cve@mitre.org | http://www.securityfocus.com/bid/76097 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/08/07/2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76097 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92 | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3C875F4A-D163-4794-9CC8-2AB59B00C641", versionEndIncluding: "0.9.33.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.", }, { lang: "es", value: "Cuando se utiliza la configuración por defecto de Froxlor, en versiones anteriores a la 0.9.33.2, puede permitir que atacantes remotos obtengan la contraseña de la base de datos leyendo /logs/sql-error.log.", }, ], id: "CVE-2015-5959", lastModified: "2024-11-21T02:34:13.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-06T21:29:00.880", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/08/07/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], 
url: "http://www.securityfocus.com/bid/76097", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2015/08/07/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/76097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:36
Summary
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3C43AD25-CDFD-4230-8D94-3689ADAFF042", versionEndIncluding: "0.10.38.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", }, { lang: "es", value: "Inyección de argumentos en el repositorio de GitHub froxlor/froxlor anterior a 2.0.0-beta1.", }, ], id: "CVE-2022-4864", lastModified: "2024-11-21T07:36:05.780", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-30T23:15:11.910", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-88", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-31 10:15
Modified
2024-11-21 07:36
Summary
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3C43AD25-CDFD-4230-8D94-3689ADAFF042", versionEndIncluding: "0.10.38.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", }, { lang: "es", value: "Autorización incorrecta en el repositorio de GitHub froxlor/froxlor anterior a 2.0.0-beta1.", }, ], id: "CVE-2022-4868", lastModified: "2024-11-21T07:36:06.273", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-31T10:15:13.697", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-31 09:15
Modified
2024-11-21 07:36
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3C43AD25-CDFD-4230-8D94-3689ADAFF042", versionEndIncluding: "0.10.38.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub froxlor/froxlor anterior a 2.0.0-beta1.", }, ], id: "CVE-2022-4867", lastModified: "2024-11-21T07:36:06.150", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-31T09:15:12.310", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party 
Advisory", ], url: "https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-11 01:15
Modified
2024-11-21 08:34
Severity
3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22, 2.1.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597 | Patch | |
security@huntr.dev | https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3A1F0C8D-0EC2-4AEF-8800-3FCE3B9D9240", versionEndExcluding: "2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n", }, { lang: "es", value: "Errores de lógica de negocio en el repositorio GitHub froxlor/froxlor anterior a 2.0.22,2.1.0.", }, ], id: "CVE-2023-4304", lastModified: "2024-11-21T08:34:49.463", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-11T01:15:09.437", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-840", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-22 20:15
Modified
2024-11-21 05:23
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Froxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.vulnerability-lab.com/get_content.php?id=2241 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vulnerability-lab.com/get_content.php?id=2241 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:0.10.16:*:*:*:*:debian:*:*", matchCriteriaId: "6FC7EBE5-1C5B-4DAF-9056-2233E818A708", vulnerable: true, }, { criteria: "cpe:2.3:a:froxlor:froxlor:0.10.16:*:*:*:*:gentoo:*:*", matchCriteriaId: "5F1E0A56-7A43-497A-B827-FAE7E7A33F88", vulnerable: true, }, { criteria: "cpe:2.3:a:froxlor:froxlor:0.10.16:*:*:*:*:ubuntu:*:*", matchCriteriaId: "9CAF7A1C-4A23-4A24-BE4F-484B85F4590D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.", }, { lang: "es", value: "Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el módulo Customer Add de Foxlor versión v0.10.16 permiten a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada introducida en los campos de entrada name, firstname o username", }, ], id: "CVE-2020-28957", lastModified: "2024-11-21T05:23:22.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-22T20:15:10.780", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.vulnerability-lab.com/get_content.php?id=2241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.vulnerability-lab.com/get_content.php?id=2241", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-25 01:15
Modified
2024-11-21 07:38
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "C1635360-5CD8-4058-99AD-C8F00ED696A9", versionEndExcluding: "2.0.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en el repositorio froxlor/froxlor de GitHub anterior a 2.0.11.", }, ], id: "CVE-2023-1033", lastModified: "2024-11-21T07:38:19.497", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-25T01:15:54.487", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-04 01:15
Modified
2024-11-21 07:37
Severity ?
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc | Patch, Third Party Advisory
security@huntr.dev | https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de | Exploit, Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "AF26BD0E-694F-48CD-96F2-7E9FE8C46966", versionEndExcluding: "2.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.", }, ], id: "CVE-2023-0671", lastModified: "2024-11-21T07:37:35.960", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.1, impactScore: 6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-04T01:15:09.830", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-28 14:15
Modified
2024-11-21 07:18
Severity ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a | Patch, Third Party Advisory
security@huntr.dev | https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0 | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0 | Exploit, Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "305D71CF-F58C-40AC-9788-C421FD2295D2", versionEndExcluding: "0.10.38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.", }, { lang: "es", value: "Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el repositorio de GitHub froxlor/froxlor versiones anteriores a 0.10.38.", }, ], id: "CVE-2022-3017", lastModified: "2024-11-21T07:18:38.720", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-28T14:15:08.240", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-10 01:15
Modified
2024-11-21 07:38
Severity ?
Summary
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "8DC712DE-241F-47E2-A4C3-CF2A94C11049", versionEndExcluding: "2.0.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.", }, ], id: "CVE-2023-1307", lastModified: "2024-11-21T07:38:53.390", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-10T01:15:11.927", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", 
"Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-305", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-14 01:15
Modified
2024-11-21 07:57
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "26DAE5E7-9A76-4E78-89EE-83348E930583", versionEndExcluding: "2.0.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.", }, ], id: "CVE-2023-2034", lastModified: "2024-11-21T07:57:48.120", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-14T01:15:08.847", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", ], url: "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: 
"https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-13 13:15
Modified
2024-11-21 08:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3A1F0C8D-0EC2-4AEF-8800-3FCE3B9D9240", versionEndExcluding: "2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.", }, { lang: "es", value: "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub froxlor/froxlor anterior a 2.0.22.", }, ], id: "CVE-2023-4829", lastModified: "2024-11-21T08:36:03.593", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-13T13:15:12.523", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-11 11:15
Modified
2024-11-21 08:16
Severity ?
Summary
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3198109A-4339-43E3-AC82-0C238676EE5A", versionEndExcluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.", }, { lang: "es", value: "Fijación de sesión en el repositorio GitHub froxlor/froxlor anterior a 2.1.0.", }, ], id: "CVE-2023-3192", lastModified: "2024-11-21T08:16:39.850", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-11T11:15:42.500", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", }, 
{ source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-384", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-17 01:15
Modified
2024-11-21 07:38
Severity ?
Summary
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "C1635360-5CD8-4058-99AD-C8F00ED696A9", versionEndExcluding: "2.0.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.", }, { lang: "es", value: "Inyección de código en el repositorio froxlor/froxlor de GitHub anterior a 2.0.11.", }, ], id: "CVE-2023-0877", lastModified: "2024-11-21T07:38:01.290", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-17T01:15:10.663", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-29 23:15
Modified
2024-11-21 07:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1 | Patch, Third Party Advisory
security@huntr.dev | https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec | Exploit, Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "AF26BD0E-694F-48CD-96F2-7E9FE8C46966", versionEndExcluding: "2.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n", }, { lang: "es", value: "Condición de error no marcada en el repositorio de GitHub froxlor/froxlor anterior a 2.0.10.", }, ], id: "CVE-2023-0572", lastModified: "2024-11-21T07:37:25.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-29T23:15:08.790", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-391", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-22 12:29
Modified
2024-11-21 03:45
Severity ?
Summary
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c | Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "7BDEE295-B7DC-440B-851A-E63FD81F79A8", versionEndIncluding: "0.9.39.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.", }, { lang: "es", value: "Froxlor hasta la versión 0.9.39.5 tiene un control de acceso incorrecto para los tickets que no son propiedad del usuario actual.", }, ], id: "CVE-2018-12642", lastModified: "2024-11-21T03:45:36.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-22T12:29:00.273", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-12 01:15
Modified
2024-11-21 07:59
Severity ?
Summary
Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "058420EC-EEB9-42C3-87E9-788EEF0500DE", versionEndExcluding: "2.0.16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.", }, ], id: "CVE-2023-2666", lastModified: "2024-11-21T07:59:02.293", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-12T01:15:09.847", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", }, { source: "security@huntr.dev", tags: [ "Permissions Required", ], url: "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: 
"https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-29 22:15
Modified
2024-11-21 07:37
Severity ?
6.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876 | Patch, Third Party Advisory
security@huntr.dev | https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49 | Exploit, Issue Tracking, Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "AF26BD0E-694F-48CD-96F2-7E9FE8C46966", versionEndExcluding: "2.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.\n\n", }, { lang: "es", value: "Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (\"cross-site scripting\") en froxlor/froxlor antes de la versión 2.0.10.", }, ], id: "CVE-2023-0566", lastModified: "2024-11-21T07:37:24.813", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-29T22:15:08.950", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-10 01:15
Modified
2024-11-21 08:43
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3198109A-4339-43E3-AC82-0C238676EE5A", versionEndExcluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\n\n", }, { lang: "es", value: "Validación de entrada incorrecta en el repositorio de GitHub froxlor/froxlor anterior a 2.1.0.", }, ], id: "CVE-2023-6069", lastModified: "2024-11-21T08:43:04.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 6, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-10T01:15:07.623", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-14 01:15
Modified
2024-11-21 08:17
Summary
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "A014E71B-9FB8-4832-B008-67E2F7743883", versionEndExcluding: "2.0.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.", }, ], id: "CVE-2023-3668", lastModified: "2024-11-21T08:17:47.787", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-14T01:15:08.763", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third 
Party Advisory", ], url: "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-116", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-09 16:15
Modified
2024-11-21 04:55
Summary
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "CE490F89-9E33-449D-B856-70E57CFE5905", versionEndExcluding: "0.10.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.", }, { lang: "es", value: "Se detectó un problema en Froxlor versiones anteriores a 0.10.14. Creó archivos con nombres estáticos en /tmp durante la instalación si el directorio de instalación no era escribible. Esto permitió a atacantes locales causar una DoS o divulgar información fuera de los archivos de configuración, debido a la función _createUserdataConf en la biblioteca install/lib/class.FroxlorInstall.php.", }, ], id: "CVE-2020-10236", lastModified: "2024-11-21T04:55:01.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", version: 
"3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-09T16:15:12.140", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165718", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1165718", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/commit/6b09720ef8a1cc008751dd0ca0140a0597fedce5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/Froxlor/Froxlor/compare/0.10.13...0.10.14", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-13 01:15
Modified
2024-11-21 08:42
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "3198109A-4339-43E3-AC82-0C238676EE5A", versionEndExcluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.", }, { lang: "es", value: "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub froxlor/froxlor anterior a 2.1.0-dev1.", }, ], id: "CVE-2023-5564", lastModified: "2024-11-21T08:42:01.573", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.1, impactScore: 3.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-13T01:15:56.093", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-13 18:59
Modified
2024-11-21 02:53
Summary
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba | Issue Tracking, Patch, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "176CAE64-5DA7-4AF6-8733-E98E895F01A7", versionEndIncluding: "0.9.34.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.", }, { lang: "es", value: "Froxlor en versiones anteriores a 0.9.35 utiliza la función rand de PHP para la generación de números aleatorios, lo que facilita a atacantes remotos adivinar el token de restablecimiento de contraseña mediante la predicción de un valor.", }, ], id: "CVE-2016-5100", lastModified: "2024-11-21T02:53:37.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-13T18:59:00.627", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: 
"https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-330", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-12 20:15
Modified
2024-11-21 06:27
Summary
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html | Third Party Advisory, VDB Entry
cve@mitre.org | https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782 | Patch, Third Party Advisory
cve@mitre.org | https://www.exploit-db.com/exploits/50502 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/50502 | Third Party Advisory, VDB Entry
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", matchCriteriaId: "BD72399A-F69E-462C-AF85-050A88737ED6", versionEndExcluding: "0.10.30", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.", }, { lang: "es", value: "Froxlor versiones hasta 0.10.29.1, permite una inyección SQL en el archivo Database/Manager/DbManagerMySQL.php por medio de un nombre de base de datos personalizado", }, ], id: "CVE-2021-42325", lastModified: "2024-11-21T06:27:36.583", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-12T20:15:07.617", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/50502", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/50502", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }