CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor application. An unauthenticated user can inject malicious scripts into the loginname parameter of a login attempt; the script is then executed when the administrator views the entry in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions, such as forcing the administrator to execute actions without their knowledge or consent. For instance, the attacker can force the administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application.

• https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6
• https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.

• https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac
• https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4
• https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4
• CWE-20: Improper Input Validation

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. Improper input validation in the GitHub repository froxlor/froxlor prior to 2.1.0.

• https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc
• https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.

• https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d
• https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.

• https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa
• https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')