CVE-2022-3869 – Code Injection in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3869
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
• https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8
• https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-3721 – Code Injection in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3721
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
• https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c
• https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-3017 – Cross-Site Request Forgery (CSRF) in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3017
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
• https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a
• https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-29653
https://notcve.org/view.php?id=CVE-2020-29653
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
• https://github.com/Froxlor/Froxlor/commits/master
• https://github.com/Froxlor/Froxlor/security/advisories
• https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-28957
https://notcve.org/view.php?id=CVE-2020-28957
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Froxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
• https://www.vulnerability-lab.com/get_content.php?id=2241
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')