Vulnerabilities > Froxlor

DATE CVE VULNERABILITY TITLE RISK
2023-01-16 CVE-2023-0316 Unspecified vulnerability in Froxlor
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
local
low complexity
froxlor
5.5
2022-12-31 CVE-2022-4868 Unspecified vulnerability in Froxlor
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
network
low complexity
froxlor
4.3
2022-12-31 CVE-2022-4867 Cross-Site Request Forgery (CSRF) vulnerability in Froxlor
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
network
low complexity
froxlor CWE-352
4.3
2022-12-30 CVE-2022-4864 Injection vulnerability in Froxlor
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
network
low complexity
froxlor CWE-74
5.4
2022-11-05 CVE-2022-3869 Cross-site Scripting vulnerability in Froxlor
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
network
low complexity
froxlor CWE-79
6.1
2022-11-04 CVE-2022-3721 Cross-site Scripting vulnerability in Froxlor
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
network
low complexity
froxlor CWE-79
4.6
2022-08-28 CVE-2022-3017 Unspecified vulnerability in Froxlor
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
network
low complexity
froxlor
6.5
2022-04-13 CVE-2020-29653 Cross-site Scripting vulnerability in Froxlor
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter.
network
low complexity
froxlor CWE-79
6.1
2021-10-22 CVE-2020-28957 Cross-site Scripting vulnerability in Froxlor 0.10.16
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
network
low complexity
froxlor CWE-79
5.4
2021-10-12 CVE-2021-42325 SQL Injection vulnerability in Froxlor
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
network
low complexity
froxlor CWE-89
critical
9.8