Vulnerabilities > Froxlor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-16 | CVE-2023-0316 | Path Traversal: '..filename' vulnerability in Froxlor Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0. | 5.5 |
| 2022-12-31 | CVE-2022-4868 | Improper Authorization vulnerability in Froxlor Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 4.3 |
| 2022-12-31 | CVE-2022-4867 | Cross-Site Request Forgery (CSRF) vulnerability in Froxlor Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 4.3 |
| 2022-12-30 | CVE-2022-4864 | Injection vulnerability in Froxlor Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 5.4 |
| 2022-11-05 | CVE-2022-3869 | Cross-site Scripting vulnerability in Froxlor Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | 6.1 |
| 2022-11-04 | CVE-2022-3721 | Cross-site Scripting vulnerability in Froxlor Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | 4.6 |
| 2022-04-13 | CVE-2020-29653 | Cross-site Scripting vulnerability in Froxlor Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. | 4.3 |
| 2021-10-22 | CVE-2020-28957 | Cross-site Scripting vulnerability in Froxlor 0.10.16 Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields. | 3.5 |
| 2021-10-12 | CVE-2021-42325 | SQL Injection vulnerability in Froxlor Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. | 7.5 |
| 2020-03-09 | CVE-2020-10237 | Information Exposure vulnerability in Froxlor An issue was discovered in Froxlor through 0.10.15. | 2.1 |