Vulnerabilities > Froxlor > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-05 | CVE-2022-3869 | Cross-site Scripting vulnerability in Froxlor. Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | 6.1 |
2022-11-04 | CVE-2022-3721 | Cross-site Scripting vulnerability in Froxlor. Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | 4.6 |
2022-04-13 | CVE-2020-29653 | Cross-site Scripting vulnerability in Froxlor. Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. | 4.3 |
2020-03-09 | CVE-2020-10235 | Improper Input Validation vulnerability in Froxlor. An issue was discovered in Froxlor before 0.10.14. | 6.5 |
2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor. Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. | 6.5 |
2018-06-22 | CVE-2018-12642 | Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor. Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | 5.0 |
2017-09-06 | CVE-2015-5959 | Information Exposure vulnerability in Froxlor. Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | 5.0 |
2017-02-13 | CVE-2016-5100 | Use of Insufficiently Random Values vulnerability in Froxlor. Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | 5.0 |