Vulnerabilities > Froxlor > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2022-11-05 | CVE-2022-3869 | Cross-site Scripting vulnerability in Froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | network | low complexity | froxlor CWE-79 | 6.1 |
| 2022-11-04 | CVE-2022-3721 | Cross-site Scripting vulnerability in Froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | network | low complexity | froxlor CWE-79 | 4.6 |
| 2022-04-13 | CVE-2020-29653 | Cross-site Scripting vulnerability in Froxlor | Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. | network | | froxlor CWE-79 | 4.3 |
| 2020-03-09 | CVE-2020-10235 | Improper Input Validation vulnerability in Froxlor | An issue was discovered in Froxlor before 0.10.14. | network | low complexity | froxlor CWE-20 | 6.5 |
| 2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor | Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. | network | low complexity | froxlor CWE-502 | 6.5 |
| 2018-06-22 | CVE-2018-12642 | Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor | Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | network | low complexity | froxlor CWE-732 | 5.0 |
| 2017-09-06 | CVE-2015-5959 | Information Exposure vulnerability in Froxlor | Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | network | low complexity | froxlor CWE-200 | 5.0 |
| 2017-02-13 | CVE-2016-5100 | Use of Insufficiently Random Values vulnerability in Froxlor | Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | network | low complexity | froxlor CWE-330 | 5.0 |