Lookup for vulnerable packages by Package URL.

Purl pkg:composer/froxlor/froxlor@2.0.12
Type composer
Namespace froxlor
Name froxlor
Version 2.0.12
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.3.7
Latest_non_vulnerable_version 2.3.7
Affected_by_vulnerabilities
0
url VCID-1rwn-9phn-kkb4
vulnerability_id VCID-1rwn-9phn-kkb4
summary Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30932
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07562
published_at 2026-06-11T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07584
published_at 2026-06-14T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07598
published_at 2026-06-12T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07593
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30932
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.5
reference_id 2.3.5
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.5
3
reference_url https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b
reference_id b34829262dc32818b37f6a1eabb426d0b277a86b
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/
url https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30932
reference_id CVE-2026-30932
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30932
5
reference_url https://github.com/advisories/GHSA-x6w6-2xwp-3jh6
reference_id GHSA-x6w6-2xwp-3jh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x6w6-2xwp-3jh6
6
reference_url https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6
reference_id GHSA-x6w6-2xwp-3jh6
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/
url https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.5
purl pkg:composer/froxlor/froxlor@2.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9t9n-1hhp-3yga
1
vulnerability VCID-atns-wuzm-kqh2
2
vulnerability VCID-ebbm-gvf6-xfbd
3
vulnerability VCID-nbu9-sey3-w7es
4
vulnerability VCID-tvgb-xmfz-tuf6
5
vulnerability VCID-w7xv-k4rd-v7bq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.5
aliases CVE-2026-30932, GHSA-x6w6-2xwp-3jh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rwn-9phn-kkb4
1
url VCID-38ph-pcue-zydu
vulnerability_id VCID-38ph-pcue-zydu
summary Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4304
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46923
published_at 2026-06-12T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46919
published_at 2026-06-14T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46938
published_at 2026-06-13T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46782
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4304
1
reference_url https://github.com/Froxlor/Froxlor
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Froxlor/Froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4304
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4304
3
reference_url https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9
reference_id 59fe5037-b253-4b0f-be69-1d2e4af8b4a9
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/
url https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9
4
reference_url https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597
reference_id ce9a5f97a3edb30c7d33878765d3c014a6583597
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/
url https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597
5
reference_url https://github.com/advisories/GHSA-9rmf-6qgj-g3wj
reference_id GHSA-9rmf-6qgj-g3wj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9rmf-6qgj-g3wj
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.22
purl pkg:composer/froxlor/froxlor@2.0.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-dptm-3z1r-bubj
5
vulnerability VCID-ebbm-gvf6-xfbd
6
vulnerability VCID-jvvz-9twe-8fb1
7
vulnerability VCID-nbu9-sey3-w7es
8
vulnerability VCID-rw5a-bgxw-bfbd
9
vulnerability VCID-tk6b-p759-jyfv
10
vulnerability VCID-tvgb-xmfz-tuf6
11
vulnerability VCID-u4pt-mr2z-j3f2
12
vulnerability VCID-w7xv-k4rd-v7bq
13
vulnerability VCID-x93s-u6kq-fbbe
14
vulnerability VCID-yqdf-v5wf-j3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22
aliases CVE-2023-4304, GHSA-9rmf-6qgj-g3wj
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38ph-pcue-zydu
2
url VCID-44fu-9q5x-uuf8
vulnerability_id VCID-44fu-9q5x-uuf8
summary Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2666
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.4409
published_at 2026-06-11T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44251
published_at 2026-06-14T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44244
published_at 2026-06-12T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44263
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2666
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2666
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2666
3
reference_url https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f
reference_id 0bbdc9d4-d9dc-4490-93ef-0a83b451a20f
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/
url https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f
4
reference_url https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6
reference_id 1679675aa1c29d24344dd2e091ff252accb111d6
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/
url https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6
5
reference_url https://github.com/advisories/GHSA-4gm9-c9jq-g523
reference_id GHSA-4gm9-c9jq-g523
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4gm9-c9jq-g523
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.16
purl pkg:composer/froxlor/froxlor@2.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-38ph-pcue-zydu
2
vulnerability VCID-7e6h-qe19-jken
3
vulnerability VCID-9t9n-1hhp-3yga
4
vulnerability VCID-atns-wuzm-kqh2
5
vulnerability VCID-dptm-3z1r-bubj
6
vulnerability VCID-ebbm-gvf6-xfbd
7
vulnerability VCID-f15s-unrj-57ax
8
vulnerability VCID-gfgb-su1s-ubaj
9
vulnerability VCID-jvvz-9twe-8fb1
10
vulnerability VCID-nbu9-sey3-w7es
11
vulnerability VCID-rw5a-bgxw-bfbd
12
vulnerability VCID-tk6b-p759-jyfv
13
vulnerability VCID-tvgb-xmfz-tuf6
14
vulnerability VCID-u4pt-mr2z-j3f2
15
vulnerability VCID-vbvy-j84s-zygu
16
vulnerability VCID-w7xv-k4rd-v7bq
17
vulnerability VCID-x93s-u6kq-fbbe
18
vulnerability VCID-y4zg-wf1d-4bcm
19
vulnerability VCID-yqdf-v5wf-j3bj
20
vulnerability VCID-zrvp-d87z-p7dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.16
aliases CVE-2023-2666, GHSA-4gm9-c9jq-g523
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44fu-9q5x-uuf8
3
url VCID-7e6h-qe19-jken
vulnerability_id VCID-7e6h-qe19-jken
summary Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-29773
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25531
published_at 2026-06-13T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.25515
published_at 2026-06-14T12:55:00Z
2
value 0.00089
scoring_system epss
scoring_elements 0.25512
published_at 2026-06-12T12:55:00Z
3
value 0.00089
scoring_system epss
scoring_elements 0.25314
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-29773
1
reference_url https://github.com/froxlor/Froxlor
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/Froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-29773
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-29773
3
reference_url https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623
reference_id a43d53d54034805e3e404702a01312fa0c40b623
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/
url https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623
4
reference_url https://github.com/advisories/GHSA-7j6w-p859-464f
reference_id GHSA-7j6w-p859-464f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7j6w-p859-464f
5
reference_url https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f
reference_id GHSA-7j6w-p859-464f
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/
url https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f
6
reference_url https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ
reference_id h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/
url https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.2.6
purl pkg:composer/froxlor/froxlor@2.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-9t9n-1hhp-3yga
2
vulnerability VCID-atns-wuzm-kqh2
3
vulnerability VCID-ebbm-gvf6-xfbd
4
vulnerability VCID-nbu9-sey3-w7es
5
vulnerability VCID-rw5a-bgxw-bfbd
6
vulnerability VCID-tvgb-xmfz-tuf6
7
vulnerability VCID-w7xv-k4rd-v7bq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6
aliases CVE-2025-29773, GHSA-7j6w-p859-464f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7e6h-qe19-jken
4
url VCID-9t9n-1hhp-3yga
vulnerability_id VCID-9t9n-1hhp-3yga
summary Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which is stored in the database. On subsequent requests, `Language::loadLanguage()` constructs a file path using this value and executes it via `require`, achieving arbitrary PHP code execution as the web server user. Version 2.3.6 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41228
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24712
published_at 2026-06-11T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24906
published_at 2026-06-14T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24911
published_at 2026-06-12T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24922
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41228
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41228
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41228
3
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.6
reference_id 2.3.6
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.6
4
reference_url https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c
reference_id bc5e6dbaa90e6f3573129da640595e8c770e1d0c
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/
url https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c
5
reference_url https://github.com/advisories/GHSA-w59f-67xm-rxx7
reference_id GHSA-w59f-67xm-rxx7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w59f-67xm-rxx7
6
reference_url https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7
reference_id GHSA-w59f-67xm-rxx7
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/
url https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.6
purl pkg:composer/froxlor/froxlor@2.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46tt-1n8z-xuct
1
vulnerability VCID-kjsn-vrac-67f9
2
vulnerability VCID-uyv2-5ka7-pufp
3
vulnerability VCID-vvvf-273x-s3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6
aliases CVE-2026-41228, GHSA-w59f-67xm-rxx7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t9n-1hhp-3yga
5
url VCID-atns-wuzm-kqh2
vulnerability_id VCID-atns-wuzm-kqh2
summary Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g., `NAPTR`, `PTR`, `HINFO`), content validation is entirely bypassed. Embedded newline characters in the content survive `trim()` processing, are stored in the database, and are written directly into BIND zone files via `DnsEntry::__toString()`. An authenticated customer can inject arbitrary DNS records and BIND directives (`$INCLUDE`, `$ORIGIN`, `$GENERATE`) into their domain's zone file. Version 2.3.6 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41230
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18253
published_at 2026-06-11T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18414
published_at 2026-06-14T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.18416
published_at 2026-06-12T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.18437
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41230
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41230
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41230
3
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.6
reference_id 2.3.6
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.6
4
reference_url https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442
reference_id 47a8af5d9523cb6ec94567405cfc2e294d3a1442
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/
url https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442
5
reference_url https://github.com/advisories/GHSA-47hf-23pw-3m8c
reference_id GHSA-47hf-23pw-3m8c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47hf-23pw-3m8c
6
reference_url https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c
reference_id GHSA-47hf-23pw-3m8c
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/
url https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.6
purl pkg:composer/froxlor/froxlor@2.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46tt-1n8z-xuct
1
vulnerability VCID-kjsn-vrac-67f9
2
vulnerability VCID-uyv2-5ka7-pufp
3
vulnerability VCID-vvvf-273x-s3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6
aliases CVE-2026-41230, GHSA-47hf-23pw-3m8c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atns-wuzm-kqh2
6
url VCID-dptm-3z1r-bubj
vulnerability_id VCID-dptm-3z1r-bubj
summary Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34070
reference_id
reference_type
scores
0
value 0.00976
scoring_system epss
scoring_elements 0.77122
published_at 2026-06-11T12:55:00Z
1
value 0.00976
scoring_system epss
scoring_elements 0.77197
published_at 2026-06-14T12:55:00Z
2
value 0.00976
scoring_system epss
scoring_elements 0.77193
published_at 2026-06-12T12:55:00Z
3
value 0.00976
scoring_system epss
scoring_elements 0.77205
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34070
1
reference_url https://github.com/froxlor/Froxlor
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/Froxlor
2
reference_url https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6
reference_id a862307bce5cdfb1c208b835f3e8faddd23046e6
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/
url https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34070
reference_id CVE-2024-34070
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34070
4
reference_url https://github.com/advisories/GHSA-x525-54hf-xr53
reference_id GHSA-x525-54hf-xr53
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x525-54hf-xr53
5
reference_url https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53
reference_id GHSA-x525-54hf-xr53
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/
url https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.1.9
purl pkg:composer/froxlor/froxlor@2.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-ebbm-gvf6-xfbd
5
vulnerability VCID-jvvz-9twe-8fb1
6
vulnerability VCID-nbu9-sey3-w7es
7
vulnerability VCID-rw5a-bgxw-bfbd
8
vulnerability VCID-tvgb-xmfz-tuf6
9
vulnerability VCID-u4pt-mr2z-j3f2
10
vulnerability VCID-w7xv-k4rd-v7bq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.9
aliases CVE-2024-34070, GHSA-x525-54hf-xr53
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dptm-3z1r-bubj
7
url VCID-ebbm-gvf6-xfbd
vulnerability_id VCID-ebbm-gvf6-xfbd
summary Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/userdata.inc.php`. Since this file is `require`d on every request via `Database::getDB()`, an attacker can inject arbitrary PHP code that executes as the web server user on every subsequent page load. Version 2.3.6 contains a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41229
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.2754
published_at 2026-06-11T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27758
published_at 2026-06-14T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27743
published_at 2026-06-12T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.27768
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41229
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41229
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41229
3
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.6
reference_id 2.3.6
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.6
4
reference_url https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae
reference_id 3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/
url https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae
5
reference_url https://github.com/advisories/GHSA-gc9w-cc93-rjv8
reference_id GHSA-gc9w-cc93-rjv8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gc9w-cc93-rjv8
6
reference_url https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8
reference_id GHSA-gc9w-cc93-rjv8
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/
url https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.6
purl pkg:composer/froxlor/froxlor@2.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46tt-1n8z-xuct
1
vulnerability VCID-kjsn-vrac-67f9
2
vulnerability VCID-uyv2-5ka7-pufp
3
vulnerability VCID-vvvf-273x-s3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6
aliases CVE-2026-41229, GHSA-gc9w-cc93-rjv8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebbm-gvf6-xfbd
8
url VCID-f15s-unrj-57ax
vulnerability_id VCID-f15s-unrj-57ax
summary Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3192
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36562
published_at 2026-06-14T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36573
published_at 2026-06-13T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.36727
published_at 2026-06-11T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.38195
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3192
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3192
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3192
3
reference_url https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52
reference_id 94d9c3eedf31bc8447e3aa349e32880dde02ee52
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/
url https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52
4
reference_url https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551
reference_id f3644772-9c86-4f55-a0fa-aeb11f411551
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/
url https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551
5
reference_url https://github.com/advisories/GHSA-jr66-9ghf-6gp3
reference_id GHSA-jr66-9ghf-6gp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jr66-9ghf-6gp3
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.1.0
purl pkg:composer/froxlor/froxlor@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-dptm-3z1r-bubj
5
vulnerability VCID-ebbm-gvf6-xfbd
6
vulnerability VCID-jvvz-9twe-8fb1
7
vulnerability VCID-nbu9-sey3-w7es
8
vulnerability VCID-rw5a-bgxw-bfbd
9
vulnerability VCID-tvgb-xmfz-tuf6
10
vulnerability VCID-u4pt-mr2z-j3f2
11
vulnerability VCID-w7xv-k4rd-v7bq
12
vulnerability VCID-x93s-u6kq-fbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0
aliases CVE-2023-3192, GHSA-jr66-9ghf-6gp3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f15s-unrj-57ax
9
url VCID-gfgb-su1s-ubaj
vulnerability_id VCID-gfgb-su1s-ubaj
summary Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3173
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.335
published_at 2026-06-11T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33676
published_at 2026-06-14T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.3368
published_at 2026-06-12T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33702
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3173
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3173
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3173
3
reference_url https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6
reference_id 464216072456efb35b4541c58e7016463dfbd9a6
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/
url https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6
4
reference_url https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14
reference_id 4d715f76-950d-4251-8139-3dffea798f14
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/
url https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14
5
reference_url https://github.com/advisories/GHSA-chw4-88xc-79w6
reference_id GHSA-chw4-88xc-79w6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chw4-88xc-79w6
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.20
purl pkg:composer/froxlor/froxlor@2.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-38ph-pcue-zydu
2
vulnerability VCID-7e6h-qe19-jken
3
vulnerability VCID-9t9n-1hhp-3yga
4
vulnerability VCID-atns-wuzm-kqh2
5
vulnerability VCID-dptm-3z1r-bubj
6
vulnerability VCID-ebbm-gvf6-xfbd
7
vulnerability VCID-f15s-unrj-57ax
8
vulnerability VCID-jvvz-9twe-8fb1
9
vulnerability VCID-nbu9-sey3-w7es
10
vulnerability VCID-rw5a-bgxw-bfbd
11
vulnerability VCID-tk6b-p759-jyfv
12
vulnerability VCID-tvgb-xmfz-tuf6
13
vulnerability VCID-u4pt-mr2z-j3f2
14
vulnerability VCID-w7xv-k4rd-v7bq
15
vulnerability VCID-x93s-u6kq-fbbe
16
vulnerability VCID-y4zg-wf1d-4bcm
17
vulnerability VCID-yqdf-v5wf-j3bj
18
vulnerability VCID-zrvp-d87z-p7dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20
aliases CVE-2023-3173, GHSA-chw4-88xc-79w6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfgb-su1s-ubaj
10
url VCID-hhmm-9bdt-fyb5
vulnerability_id VCID-hhmm-9bdt-fyb5
summary Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2034
reference_id
reference_type
scores
0
value 0.08952
scoring_system epss
scoring_elements 0.92779
published_at 2026-06-11T12:55:00Z
1
value 0.08952
scoring_system epss
scoring_elements 0.92806
published_at 2026-06-14T12:55:00Z
2
value 0.08952
scoring_system epss
scoring_elements 0.92804
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2034
1
reference_url https://github.com/Froxlor/Froxlor
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Froxlor/Froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2034
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2034
3
reference_url https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6
reference_id aba6beaa-570e-4523-8128-da4d8e374ef6
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/
url https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6
4
reference_url https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6
reference_id f36bc61fc74c85a21c8d31448198b11f96eb3bc6
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/
url https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6
5
reference_url https://github.com/advisories/GHSA-qwvp-g9j7-28f6
reference_id GHSA-qwvp-g9j7-28f6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwvp-g9j7-28f6
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.14
purl pkg:composer/froxlor/froxlor@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-38ph-pcue-zydu
2
vulnerability VCID-44fu-9q5x-uuf8
3
vulnerability VCID-7e6h-qe19-jken
4
vulnerability VCID-9t9n-1hhp-3yga
5
vulnerability VCID-atns-wuzm-kqh2
6
vulnerability VCID-dptm-3z1r-bubj
7
vulnerability VCID-ebbm-gvf6-xfbd
8
vulnerability VCID-f15s-unrj-57ax
9
vulnerability VCID-gfgb-su1s-ubaj
10
vulnerability VCID-jvvz-9twe-8fb1
11
vulnerability VCID-nbu9-sey3-w7es
12
vulnerability VCID-rw5a-bgxw-bfbd
13
vulnerability VCID-tk6b-p759-jyfv
14
vulnerability VCID-tvgb-xmfz-tuf6
15
vulnerability VCID-u4pt-mr2z-j3f2
16
vulnerability VCID-vbvy-j84s-zygu
17
vulnerability VCID-w7xv-k4rd-v7bq
18
vulnerability VCID-x93s-u6kq-fbbe
19
vulnerability VCID-y4zg-wf1d-4bcm
20
vulnerability VCID-yqdf-v5wf-j3bj
21
vulnerability VCID-zrvp-d87z-p7dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.14
aliases CVE-2023-2034, GHSA-qwvp-g9j7-28f6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhmm-9bdt-fyb5
11
url VCID-jvvz-9twe-8fb1
vulnerability_id VCID-jvvz-9twe-8fb1
summary Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48958
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38415
published_at 2026-06-13T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.38403
published_at 2026-06-14T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.38392
published_at 2026-06-12T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38218
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48958
1
reference_url https://github.com/froxlor/Froxlor
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/Froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48958
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48958
3
reference_url https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e
reference_id 86947633-3e7c-4e10-86cc-92e577761e8e
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/
url https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e
4
reference_url https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a
reference_id fde43f80600f1035e1e3d2297411b666d805549a
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/
url https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a
5
reference_url https://github.com/advisories/GHSA-26xq-m8xw-6373
reference_id GHSA-26xq-m8xw-6373
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-26xq-m8xw-6373
6
reference_url https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373
reference_id GHSA-26xq-m8xw-6373
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/
url https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.2.6
purl pkg:composer/froxlor/froxlor@2.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-9t9n-1hhp-3yga
2
vulnerability VCID-atns-wuzm-kqh2
3
vulnerability VCID-ebbm-gvf6-xfbd
4
vulnerability VCID-nbu9-sey3-w7es
5
vulnerability VCID-rw5a-bgxw-bfbd
6
vulnerability VCID-tvgb-xmfz-tuf6
7
vulnerability VCID-w7xv-k4rd-v7bq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6
aliases CVE-2025-48958, GHSA-26xq-m8xw-6373
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvz-9twe-8fb1
12
url VCID-nbu9-sey3-w7es
vulnerability_id VCID-nbu9-sey3-w7es
summary Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to `validateLocalDomainOwnership()`. This causes the ownership check to always pass for non-existent "domains," allowing any authenticated customer to add sender aliases for email addresses on domains belonging to other customers. Postfix's `sender_login_maps` then authorizes the attacker to send emails as those addresses. Version 2.3.6 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41232
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12259
published_at 2026-06-14T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.12181
published_at 2026-06-11T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.1228
published_at 2026-06-13T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.12274
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41232
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41232
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41232
3
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.6
reference_id 2.3.6
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.6
4
reference_url https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a
reference_id 77d04badf549d5f8429828f0fbc69bc37a35e07a
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/
url https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a
5
reference_url https://github.com/advisories/GHSA-vmjj-qr7v-pxm6
reference_id GHSA-vmjj-qr7v-pxm6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmjj-qr7v-pxm6
6
reference_url https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6
reference_id GHSA-vmjj-qr7v-pxm6
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/
url https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.6
purl pkg:composer/froxlor/froxlor@2.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46tt-1n8z-xuct
1
vulnerability VCID-kjsn-vrac-67f9
2
vulnerability VCID-uyv2-5ka7-pufp
3
vulnerability VCID-vvvf-273x-s3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6
aliases CVE-2026-41232, GHSA-vmjj-qr7v-pxm6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbu9-sey3-w7es
13
url VCID-rw5a-bgxw-bfbd
vulnerability_id VCID-rw5a-bgxw-bfbd
summary Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the panel.adminmail setting. This value is later concatenated into a shell command executed as root by a cron job, where the pipe character | is explicitly whitelisted. The result is full root-level Remote Code Execution. This vulnerability is fixed in 2.3.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26279
reference_id
reference_type
scores
0
value 0.009
scoring_system epss
scoring_elements 0.76198
published_at 2026-06-14T12:55:00Z
1
value 0.009
scoring_system epss
scoring_elements 0.76204
published_at 2026-06-13T12:55:00Z
2
value 0.009
scoring_system epss
scoring_elements 0.76191
published_at 2026-06-12T12:55:00Z
3
value 0.009
scoring_system epss
scoring_elements 0.76119
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26279
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343
reference_id 22249677107f8f39f8d4a238605641e87dab4343
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/
url https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343
3
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.4
reference_id 2.3.4
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26279
reference_id CVE-2026-26279
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26279
5
reference_url https://github.com/advisories/GHSA-33mp-8p67-xj7c
reference_id GHSA-33mp-8p67-xj7c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33mp-8p67-xj7c
6
reference_url https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c
reference_id GHSA-33mp-8p67-xj7c
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/
url https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.4
purl pkg:composer/froxlor/froxlor@2.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-9t9n-1hhp-3yga
2
vulnerability VCID-atns-wuzm-kqh2
3
vulnerability VCID-ebbm-gvf6-xfbd
4
vulnerability VCID-nbu9-sey3-w7es
5
vulnerability VCID-tvgb-xmfz-tuf6
6
vulnerability VCID-w7xv-k4rd-v7bq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.4
aliases CVE-2026-26279, GHSA-33mp-8p67-xj7c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rw5a-bgxw-bfbd
14
url VCID-tk6b-p759-jyfv
vulnerability_id VCID-tk6b-p759-jyfv
summary Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5564
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18716
published_at 2026-06-14T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18721
published_at 2026-06-12T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18739
published_at 2026-06-13T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18558
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5564
1
reference_url https://github.com/Froxlor/Froxlor
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Froxlor/Froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5564
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5564
3
reference_url https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c
reference_id 9254d8f3-a847-4ae8-8477-d2ce027cff5c
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/
url https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c
4
reference_url https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa
reference_id e8ed43056c1665522a586e3485da67f2bdf073aa
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/
url https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa
5
reference_url https://github.com/advisories/GHSA-j5hq-6frc-64v3
reference_id GHSA-j5hq-6frc-64v3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5hq-6frc-64v3
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.1.0-dev1
purl pkg:composer/froxlor/froxlor@2.1.0-dev1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-dev1
aliases CVE-2023-5564, GHSA-j5hq-6frc-64v3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tk6b-p759-jyfv
15
url VCID-tvgb-xmfz-tuf6
vulnerability_id VCID-tvgb-xmfz-tuf6
summary Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have the `customers_see_all` permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota (since the wrong admin's `domains_used` counter is incremented) and potentially exhausting another admin's quota. Version 2.3.6 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41233
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.17011
published_at 2026-06-11T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.17153
published_at 2026-06-14T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.17167
published_at 2026-06-12T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.17179
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41233
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41233
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41233
3
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.6
reference_id 2.3.6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.6
4
reference_url https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5
reference_id bf47ba15329506e9f9662f9462463932aa80dff5
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/
url https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5
5
reference_url https://github.com/advisories/GHSA-jvx4-xv3m-hrj4
reference_id GHSA-jvx4-xv3m-hrj4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvx4-xv3m-hrj4
6
reference_url https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4
reference_id GHSA-jvx4-xv3m-hrj4
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/
url https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.6
purl pkg:composer/froxlor/froxlor@2.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46tt-1n8z-xuct
1
vulnerability VCID-kjsn-vrac-67f9
2
vulnerability VCID-uyv2-5ka7-pufp
3
vulnerability VCID-vvvf-273x-s3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6
aliases CVE-2026-41233, GHSA-jvx4-xv3m-hrj4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvgb-xmfz-tuf6
16
url VCID-u4pt-mr2z-j3f2
vulnerability_id VCID-u4pt-mr2z-j3f2
summary Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
references
0
reference_url https://github.com/froxlor/Froxlor
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/Froxlor
1
reference_url https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075
2
reference_url https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910
3
reference_url https://github.com/advisories/GHSA-34qg-65m4-f23m
reference_id GHSA-34qg-65m4-f23m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34qg-65m4-f23m
4
reference_url https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m
reference_id GHSA-34qg-65m4-f23m
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.2.0
purl pkg:composer/froxlor/froxlor@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-ebbm-gvf6-xfbd
5
vulnerability VCID-jvvz-9twe-8fb1
6
vulnerability VCID-nbu9-sey3-w7es
7
vulnerability VCID-rw5a-bgxw-bfbd
8
vulnerability VCID-tvgb-xmfz-tuf6
9
vulnerability VCID-w7xv-k4rd-v7bq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.0
aliases GHSA-34qg-65m4-f23m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4pt-mr2z-j3f2
17
url VCID-vbvy-j84s-zygu
vulnerability_id VCID-vbvy-j84s-zygu
summary Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3172
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53797
published_at 2026-06-14T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53813
published_at 2026-06-13T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53671
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3172
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3172
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3172
3
reference_url https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e
reference_id da810ea95393dfaec68a70e30b7c887c50563a7e
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/
url https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e
4
reference_url https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e
reference_id e50966cd-9222-46b9-aedc-1feb3f2a0b0e
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/
url https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e
5
reference_url https://github.com/advisories/GHSA-ghqq-jfx7-f6m9
reference_id GHSA-ghqq-jfx7-f6m9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghqq-jfx7-f6m9
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.20
purl pkg:composer/froxlor/froxlor@2.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-38ph-pcue-zydu
2
vulnerability VCID-7e6h-qe19-jken
3
vulnerability VCID-9t9n-1hhp-3yga
4
vulnerability VCID-atns-wuzm-kqh2
5
vulnerability VCID-dptm-3z1r-bubj
6
vulnerability VCID-ebbm-gvf6-xfbd
7
vulnerability VCID-f15s-unrj-57ax
8
vulnerability VCID-jvvz-9twe-8fb1
9
vulnerability VCID-nbu9-sey3-w7es
10
vulnerability VCID-rw5a-bgxw-bfbd
11
vulnerability VCID-tk6b-p759-jyfv
12
vulnerability VCID-tvgb-xmfz-tuf6
13
vulnerability VCID-u4pt-mr2z-j3f2
14
vulnerability VCID-w7xv-k4rd-v7bq
15
vulnerability VCID-x93s-u6kq-fbbe
16
vulnerability VCID-y4zg-wf1d-4bcm
17
vulnerability VCID-yqdf-v5wf-j3bj
18
vulnerability VCID-zrvp-d87z-p7dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20
aliases CVE-2023-3172, GHSA-ghqq-jfx7-f6m9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbvy-j84s-zygu
18
url VCID-w7xv-k4rd-v7bq
vulnerability_id VCID-w7xv-k4rd-v7bq
summary Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41231
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.24972
published_at 2026-06-11T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.25172
published_at 2026-06-12T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30399
published_at 2026-06-14T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30411
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41231
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41231
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41231
3
reference_url https://github.com/froxlor/froxlor/releases/tag/2.3.6
reference_id 2.3.6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/
url https://github.com/froxlor/froxlor/releases/tag/2.3.6
4
reference_url https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d
reference_id 2987b0e8806ef12b532410050ad76d13d673a87d
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/
url https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d
5
reference_url https://github.com/advisories/GHSA-75h4-c557-j89r
reference_id GHSA-75h4-c557-j89r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75h4-c557-j89r
6
reference_url https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r
reference_id GHSA-75h4-c557-j89r
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/
url https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.3.6
purl pkg:composer/froxlor/froxlor@2.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46tt-1n8z-xuct
1
vulnerability VCID-kjsn-vrac-67f9
2
vulnerability VCID-uyv2-5ka7-pufp
3
vulnerability VCID-vvvf-273x-s3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6
aliases CVE-2026-41231, GHSA-75h4-c557-j89r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7xv-k4rd-v7bq
19
url VCID-x93s-u6kq-fbbe
vulnerability_id VCID-x93s-u6kq-fbbe
summary Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50256
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18894
published_at 2026-06-12T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18888
published_at 2026-06-14T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18731
published_at 2026-06-11T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18912
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50256
1
reference_url https://github.com/Froxlor/Froxlor
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Froxlor/Froxlor
2
reference_url https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4
reference_id 289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/
url https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4
3
reference_url https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac
reference_id 4b1846883d4828962add91bd844596d89a9c7cac
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/
url https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50256
reference_id CVE-2023-50256
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50256
5
reference_url https://github.com/advisories/GHSA-625g-fm5w-w7w4
reference_id GHSA-625g-fm5w-w7w4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-625g-fm5w-w7w4
6
reference_url https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4
reference_id GHSA-625g-fm5w-w7w4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/
url https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.1.2
purl pkg:composer/froxlor/froxlor@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-dptm-3z1r-bubj
5
vulnerability VCID-ebbm-gvf6-xfbd
6
vulnerability VCID-jvvz-9twe-8fb1
7
vulnerability VCID-nbu9-sey3-w7es
8
vulnerability VCID-rw5a-bgxw-bfbd
9
vulnerability VCID-tvgb-xmfz-tuf6
10
vulnerability VCID-u4pt-mr2z-j3f2
11
vulnerability VCID-w7xv-k4rd-v7bq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.2
aliases CVE-2023-50256, GHSA-625g-fm5w-w7w4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x93s-u6kq-fbbe
20
url VCID-xpgs-hpf3-3qff
vulnerability_id VCID-xpgs-hpf3-3qff
summary Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1307
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.65307
published_at 2026-06-11T12:55:00Z
1
value 0.00475
scoring_system epss
scoring_elements 0.65416
published_at 2026-06-14T12:55:00Z
2
value 0.00475
scoring_system epss
scoring_elements 0.65407
published_at 2026-06-12T12:55:00Z
3
value 0.00475
scoring_system epss
scoring_elements 0.65418
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1307
1
reference_url https://github.com/Froxlor/Froxlor
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Froxlor/Froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1307
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1307
3
reference_url https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1
reference_id 5fe85af4-a667-41a9-a00d-f99e07c5e2f1
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/
url https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1
4
reference_url https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23
reference_id 6777fbf229200f4fd566022e186548391219ab23
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/
url https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23
5
reference_url https://github.com/advisories/GHSA-j83x-r9qq-9g4v
reference_id GHSA-j83x-r9qq-9g4v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j83x-r9qq-9g4v
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.13
purl pkg:composer/froxlor/froxlor@2.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-38ph-pcue-zydu
2
vulnerability VCID-44fu-9q5x-uuf8
3
vulnerability VCID-7e6h-qe19-jken
4
vulnerability VCID-9t9n-1hhp-3yga
5
vulnerability VCID-atns-wuzm-kqh2
6
vulnerability VCID-dptm-3z1r-bubj
7
vulnerability VCID-ebbm-gvf6-xfbd
8
vulnerability VCID-f15s-unrj-57ax
9
vulnerability VCID-gfgb-su1s-ubaj
10
vulnerability VCID-hhmm-9bdt-fyb5
11
vulnerability VCID-jvvz-9twe-8fb1
12
vulnerability VCID-nbu9-sey3-w7es
13
vulnerability VCID-rw5a-bgxw-bfbd
14
vulnerability VCID-tk6b-p759-jyfv
15
vulnerability VCID-tvgb-xmfz-tuf6
16
vulnerability VCID-u4pt-mr2z-j3f2
17
vulnerability VCID-vbvy-j84s-zygu
18
vulnerability VCID-w7xv-k4rd-v7bq
19
vulnerability VCID-x93s-u6kq-fbbe
20
vulnerability VCID-y4zg-wf1d-4bcm
21
vulnerability VCID-yqdf-v5wf-j3bj
22
vulnerability VCID-zrvp-d87z-p7dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.13
aliases CVE-2023-1307, GHSA-j83x-r9qq-9g4v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpgs-hpf3-3qff
21
url VCID-y4zg-wf1d-4bcm
vulnerability_id VCID-y4zg-wf1d-4bcm
summary Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4829
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21984
published_at 2026-06-12T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21972
published_at 2026-06-14T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.21996
published_at 2026-06-13T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.21795
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4829
1
reference_url https://github.com/Froxlor/Froxlor
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Froxlor/Froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4829
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4829
3
reference_url https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d
reference_id 4711a414360782fe4fc94f7c25027077cbcdf73d
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/
url https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d
4
reference_url https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b
reference_id babd73ca-6c80-4145-8c7d-33a883fe606b
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/
url https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b
5
reference_url https://github.com/advisories/GHSA-cvwv-h85m-w37h
reference_id GHSA-cvwv-h85m-w37h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvwv-h85m-w37h
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.22
purl pkg:composer/froxlor/froxlor@2.0.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-dptm-3z1r-bubj
5
vulnerability VCID-ebbm-gvf6-xfbd
6
vulnerability VCID-jvvz-9twe-8fb1
7
vulnerability VCID-nbu9-sey3-w7es
8
vulnerability VCID-rw5a-bgxw-bfbd
9
vulnerability VCID-tk6b-p759-jyfv
10
vulnerability VCID-tvgb-xmfz-tuf6
11
vulnerability VCID-u4pt-mr2z-j3f2
12
vulnerability VCID-w7xv-k4rd-v7bq
13
vulnerability VCID-x93s-u6kq-fbbe
14
vulnerability VCID-yqdf-v5wf-j3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22
aliases CVE-2023-4829, GHSA-cvwv-h85m-w37h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4zg-wf1d-4bcm
22
url VCID-yqdf-v5wf-j3bj
vulnerability_id VCID-yqdf-v5wf-j3bj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6069
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56855
published_at 2026-06-11T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56975
published_at 2026-06-12T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.5699
published_at 2026-06-13T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56981
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6069
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc
3
reference_url https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6069
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6069
5
reference_url https://github.com/advisories/GHSA-4jch-8qq5-hqg6
reference_id GHSA-4jch-8qq5-hqg6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4jch-8qq5-hqg6
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.1.0-beta1
purl pkg:composer/froxlor/froxlor@2.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-dptm-3z1r-bubj
5
vulnerability VCID-ebbm-gvf6-xfbd
6
vulnerability VCID-jvvz-9twe-8fb1
7
vulnerability VCID-nbu9-sey3-w7es
8
vulnerability VCID-rw5a-bgxw-bfbd
9
vulnerability VCID-tvgb-xmfz-tuf6
10
vulnerability VCID-u4pt-mr2z-j3f2
11
vulnerability VCID-w7xv-k4rd-v7bq
12
vulnerability VCID-x93s-u6kq-fbbe
13
vulnerability VCID-yqdf-v5wf-j3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-beta1
1
url pkg:composer/froxlor/froxlor@2.1.0
purl pkg:composer/froxlor/froxlor@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-7e6h-qe19-jken
2
vulnerability VCID-9t9n-1hhp-3yga
3
vulnerability VCID-atns-wuzm-kqh2
4
vulnerability VCID-dptm-3z1r-bubj
5
vulnerability VCID-ebbm-gvf6-xfbd
6
vulnerability VCID-jvvz-9twe-8fb1
7
vulnerability VCID-nbu9-sey3-w7es
8
vulnerability VCID-rw5a-bgxw-bfbd
9
vulnerability VCID-tvgb-xmfz-tuf6
10
vulnerability VCID-u4pt-mr2z-j3f2
11
vulnerability VCID-w7xv-k4rd-v7bq
12
vulnerability VCID-x93s-u6kq-fbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0
aliases CVE-2023-6069, GHSA-4jch-8qq5-hqg6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdf-v5wf-j3bj
23
url VCID-zrvp-d87z-p7dy
vulnerability_id VCID-zrvp-d87z-p7dy
summary Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3668
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28011
published_at 2026-06-11T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28225
published_at 2026-06-14T12:55:00Z
2
value 0.00105
scoring_system epss
scoring_elements 0.28211
published_at 2026-06-12T12:55:00Z
3
value 0.00105
scoring_system epss
scoring_elements 0.28234
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3668
1
reference_url https://github.com/froxlor/froxlor
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/froxlor/froxlor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3668
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3668
3
reference_url https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965
reference_id 03b5a921ff308eeab21bf9d240f27783c8591965
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/
url https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965
4
reference_url https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e
reference_id df8cccf4-a340-440e-a7e0-1b42e757d66e
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/
url https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e
5
reference_url https://github.com/advisories/GHSA-c6v5-pf66-xfq8
reference_id GHSA-c6v5-pf66-xfq8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6v5-pf66-xfq8
fixed_packages
0
url pkg:composer/froxlor/froxlor@2.0.21
purl pkg:composer/froxlor/froxlor@2.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rwn-9phn-kkb4
1
vulnerability VCID-38ph-pcue-zydu
2
vulnerability VCID-7e6h-qe19-jken
3
vulnerability VCID-9t9n-1hhp-3yga
4
vulnerability VCID-atns-wuzm-kqh2
5
vulnerability VCID-dptm-3z1r-bubj
6
vulnerability VCID-ebbm-gvf6-xfbd
7
vulnerability VCID-jvvz-9twe-8fb1
8
vulnerability VCID-nbu9-sey3-w7es
9
vulnerability VCID-rw5a-bgxw-bfbd
10
vulnerability VCID-tk6b-p759-jyfv
11
vulnerability VCID-tvgb-xmfz-tuf6
12
vulnerability VCID-u4pt-mr2z-j3f2
13
vulnerability VCID-w7xv-k4rd-v7bq
14
vulnerability VCID-x93s-u6kq-fbbe
15
vulnerability VCID-y4zg-wf1d-4bcm
16
vulnerability VCID-yqdf-v5wf-j3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.21
aliases CVE-2023-3668, GHSA-c6v5-pf66-xfq8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrvp-d87z-p7dy
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.12