{"url":"http://public2.vulnerablecode.io/api/packages/23706?format=json","purl":"pkg:composer/froxlor/froxlor@0.10.30","type":"composer","namespace":"froxlor","name":"froxlor","version":"0.10.30","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.0-beta1","latest_non_vulnerable_version":"2.3.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148176?format=json","vulnerability_id":"VCID-13gb-yr6z-n7cc","summary":"Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0877","reference_id":"","reference_type":"","scores":[{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64348","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0877"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0877","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0877"},{"reference_url":"https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984","reference_id":"aa48ffca2bcaf7ae57be3b8147bb3138abdab984","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T16:01:03Z/"}],"url":"https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984"},{"reference_url":"https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8","reference_id":"b29cf038-06f1-4fb0-9437-08f2991f92a8","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T16:01:03Z/"}],"url":"https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8"},{"reference_url":"https://github.com/advisories/GHSA-vp4r-h765-5mwp","reference_id":"GHSA-vp4r-h765-5mwp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vp4r-h765-5mwp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380400?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.11"}],"aliases":["CVE-2023-0877","GHSA-vp4r-h765-5mwp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13gb-yr6z-n7cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66448?format=json","vulnerability_id":"VCID-1rwn-9phn-kkb4","summary":"Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30932","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07562","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30932"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.5","reference_id":"2.3.5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.5"},{"reference_url":"https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b","reference_id":"b34829262dc32818b37f6a1eabb426d0b277a86b","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/"}],"url":"https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30932","reference_id":"CVE-2026-30932","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30932"},{"reference_url":"https://github.com/advisories/GHSA-x6w6-2xwp-3jh6","reference_id":"GHSA-x6w6-2xwp-3jh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6w6-2xwp-3jh6"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6","reference_id":"GHSA-x6w6-2xwp-3jh6","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374976?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.5"}],"aliases":["CVE-2026-30932","GHSA-x6w6-2xwp-3jh6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rwn-9phn-kkb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147963?format=json","vulnerability_id":"VCID-2mym-uwpj-v3he","summary":"Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0572","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47603","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0572"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0572","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0572"},{"reference_url":"https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec","reference_id":"4ab24ee2-3ff6-4248-9555-0af3e5f754ec","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:42:38Z/"}],"url":"https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec"},{"reference_url":"https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1","reference_id":"7b08a71c59430d06c1efb012a6c6448262aacdb1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:42:38Z/"}],"url":"https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1"},{"reference_url":"https://github.com/advisories/GHSA-3chw-8jq2-w769","reference_id":"GHSA-3chw-8jq2-w769","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3chw-8jq2-w769"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379862?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10"}],"aliases":["CVE-2023-0572","GHSA-3chw-8jq2-w769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mym-uwpj-v3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140156?format=json","vulnerability_id":"VCID-38ph-pcue-zydu","summary":"Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4304","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46782","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4304"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4304","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4304"},{"reference_url":"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9","reference_id":"59fe5037-b253-4b0f-be69-1d2e4af8b4a9","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/"}],"url":"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"},{"reference_url":"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597","reference_id":"ce9a5f97a3edb30c7d33878765d3c014a6583597","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/"}],"url":"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"},{"reference_url":"https://github.com/advisories/GHSA-9rmf-6qgj-g3wj","reference_id":"GHSA-9rmf-6qgj-g3wj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9rmf-6qgj-g3wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379183?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22"}],"aliases":["CVE-2023-4304","GHSA-9rmf-6qgj-g3wj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38ph-pcue-zydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150740?format=json","vulnerability_id":"VCID-44fu-9q5x-uuf8","summary":"Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2666","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4409","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2666"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2666","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2666"},{"reference_url":"https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f","reference_id":"0bbdc9d4-d9dc-4490-93ef-0a83b451a20f","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/"}],"url":"https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f"},{"reference_url":"https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6","reference_id":"1679675aa1c29d24344dd2e091ff252accb111d6","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/"}],"url":"https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6"},{"reference_url":"https://github.com/advisories/GHSA-4gm9-c9jq-g523","reference_id":"GHSA-4gm9-c9jq-g523","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4gm9-c9jq-g523"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382068?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.16"}],"aliases":["CVE-2023-2666","GHSA-4gm9-c9jq-g523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44fu-9q5x-uuf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108866?format=json","vulnerability_id":"VCID-7e6h-qe19-jken","summary":"Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29773","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25314","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29773"},{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29773","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29773"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623","reference_id":"a43d53d54034805e3e404702a01312fa0c40b623","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/"}],"url":"https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623"},{"reference_url":"https://github.com/advisories/GHSA-7j6w-p859-464f","reference_id":"GHSA-7j6w-p859-464f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7j6w-p859-464f"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f","reference_id":"GHSA-7j6w-p859-464f","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f"},{"reference_url":"https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ","reference_id":"h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/"}],"url":"https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378109?format=json","purl":"pkg:composer/froxlor/froxlor@2.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6"}],"aliases":["CVE-2025-29773","GHSA-7j6w-p859-464f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7e6h-qe19-jken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168754?format=json","vulnerability_id":"VCID-8c8t-7j1p-3baa","summary":"Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4867","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35968","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4867"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4867","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4867"},{"reference_url":"https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa","reference_id":"c91364dd-9ead-4bf3-96e6-663a017e08fa","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:43:03Z/"}],"url":"https://huntr.dev/bounties/c91364dd-9ead-4bf3-96e6-663a017e08fa"},{"reference_url":"https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d","reference_id":"f7f356e896173558248c43f4f68612f78e73a65d","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:43:03Z/"}],"url":"https://github.com/froxlor/froxlor/commit/f7f356e896173558248c43f4f68612f78e73a65d"},{"reference_url":"https://github.com/advisories/GHSA-6gwx-gw56-qhf7","reference_id":"GHSA-6gwx-gw56-qhf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6gwx-gw56-qhf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383928?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.0-beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0-beta1"}],"aliases":["CVE-2022-4867","GHSA-6gwx-gw56-qhf7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8c8t-7j1p-3baa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80823?format=json","vulnerability_id":"VCID-9t9n-1hhp-3yga","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which is stored in the database. On subsequent requests, `Language::loadLanguage()` constructs a file path using this value and executes it via `require`, achieving arbitrary PHP code execution as the web server user. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41228","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24712","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41228"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41228","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41228"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c","reference_id":"bc5e6dbaa90e6f3573129da640595e8c770e1d0c","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/"}],"url":"https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c"},{"reference_url":"https://github.com/advisories/GHSA-w59f-67xm-rxx7","reference_id":"GHSA-w59f-67xm-rxx7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w59f-67xm-rxx7"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7","reference_id":"GHSA-w59f-67xm-rxx7","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41228","GHSA-w59f-67xm-rxx7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t9n-1hhp-3yga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80673?format=json","vulnerability_id":"VCID-atns-wuzm-kqh2","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g., `NAPTR`, `PTR`, `HINFO`), content validation is entirely bypassed. Embedded newline characters in the content survive `trim()` processing, are stored in the database, and are written directly into BIND zone files via `DnsEntry::__toString()`. An authenticated customer can inject arbitrary DNS records and BIND directives (`$INCLUDE`, `$ORIGIN`, `$GENERATE`) into their domain's zone file. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41230","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18253","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41230"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41230","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41230"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442","reference_id":"47a8af5d9523cb6ec94567405cfc2e294d3a1442","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/"}],"url":"https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442"},{"reference_url":"https://github.com/advisories/GHSA-47hf-23pw-3m8c","reference_id":"GHSA-47hf-23pw-3m8c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47hf-23pw-3m8c"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c","reference_id":"GHSA-47hf-23pw-3m8c","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41230","GHSA-47hf-23pw-3m8c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atns-wuzm-kqh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148389?format=json","vulnerability_id":"VCID-d48t-6m2w-s7h2","summary":"Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0565","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43137","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0565"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0565","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0565"},{"reference_url":"https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102","reference_id":"12d78294-1723-4450-a239-023952666102","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:45:44Z/"}],"url":"https://huntr.dev/bounties/12d78294-1723-4450-a239-023952666102"},{"reference_url":"https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15","reference_id":"2feb8020941a82bfb4ac68890f6ced0e5b3c4a15","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:45:44Z/"}],"url":"https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15"},{"reference_url":"https://github.com/advisories/GHSA-vqqm-c9gx-773q","reference_id":"GHSA-vqqm-c9gx-773q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqqm-c9gx-773q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379862?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10"}],"aliases":["CVE-2023-0565","GHSA-vqqm-c9gx-773q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d48t-6m2w-s7h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49786?format=json","vulnerability_id":"VCID-dptm-3z1r-bubj","summary":"Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs.  By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34070","reference_id":"","reference_type":"","scores":[{"value":"0.00976","scoring_system":"epss","scoring_elements":"0.77122","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34070"},{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6","reference_id":"a862307bce5cdfb1c208b835f3e8faddd23046e6","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/"}],"url":"https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34070","reference_id":"CVE-2024-34070","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34070"},{"reference_url":"https://github.com/advisories/GHSA-x525-54hf-xr53","reference_id":"GHSA-x525-54hf-xr53","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x525-54hf-xr53"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53","reference_id":"GHSA-x525-54hf-xr53","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30983?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.9"}],"aliases":["CVE-2024-34070","GHSA-x525-54hf-xr53"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dptm-3z1r-bubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80834?format=json","vulnerability_id":"VCID-ebbm-gvf6-xfbd","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/userdata.inc.php`. Since this file is `require`d on every request via `Database::getDB()`, an attacker can inject arbitrary PHP code that executes as the web server user on every subsequent page load. Version 2.3.6 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41229","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2754","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41229"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41229","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41229"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae","reference_id":"3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/"}],"url":"https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae"},{"reference_url":"https://github.com/advisories/GHSA-gc9w-cc93-rjv8","reference_id":"GHSA-gc9w-cc93-rjv8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc9w-cc93-rjv8"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8","reference_id":"GHSA-gc9w-cc93-rjv8","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41229","GHSA-gc9w-cc93-rjv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebbm-gvf6-xfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151663?format=json","vulnerability_id":"VCID-f15s-unrj-57ax","summary":"Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3192","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36727","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3192"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3192","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3192"},{"reference_url":"https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52","reference_id":"94d9c3eedf31bc8447e3aa349e32880dde02ee52","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/"}],"url":"https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"},{"reference_url":"https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551","reference_id":"f3644772-9c86-4f55-a0fa-aeb11f411551","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/"}],"url":"https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"},{"reference_url":"https://github.com/advisories/GHSA-jr66-9ghf-6gp3","reference_id":"GHSA-jr66-9ghf-6gp3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jr66-9ghf-6gp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381932?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0"}],"aliases":["CVE-2023-3192","GHSA-jr66-9ghf-6gp3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f15s-unrj-57ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151293?format=json","vulnerability_id":"VCID-gfgb-su1s-ubaj","summary":"Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3173","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.335","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3173"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3173","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3173"},{"reference_url":"https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6","reference_id":"464216072456efb35b4541c58e7016463dfbd9a6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/"}],"url":"https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6"},{"reference_url":"https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14","reference_id":"4d715f76-950d-4251-8139-3dffea798f14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/"}],"url":"https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14"},{"reference_url":"https://github.com/advisories/GHSA-chw4-88xc-79w6","reference_id":"GHSA-chw4-88xc-79w6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chw4-88xc-79w6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381608?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20"}],"aliases":["CVE-2023-3173","GHSA-chw4-88xc-79w6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfgb-su1s-ubaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174823?format=json","vulnerability_id":"VCID-gxb4-1jgt-z3a8","summary":"Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3721","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62328","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3721"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://huntr.com/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a"},{"reference_url":"https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c","reference_id":"1182453c18a83309a3470b2775c148ede740806c","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"},{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:44:31Z/"}],"url":"https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c"},{"reference_url":"https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a","reference_id":"a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"},{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:44:31Z/"}],"url":"https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3721","reference_id":"CVE-2022-3721","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3721"},{"reference_url":"https://github.com/advisories/GHSA-h95w-p3x6-wwj6","reference_id":"GHSA-h95w-p3x6-wwj6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h95w-p3x6-wwj6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27753?format=json","purl":"pkg:composer/froxlor/froxlor@0.10.39","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.39"}],"aliases":["CVE-2022-3721","GHSA-h95w-p3x6-wwj6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxb4-1jgt-z3a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168683?format=json","vulnerability_id":"VCID-gyny-xdxc-vyg7","summary":"Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4868","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38208","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4868"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4868","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4868"},{"reference_url":"https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d","reference_id":"0527f22dc942483430f8449e25a096bb8d683a5d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:35:21Z/"}],"url":"https://github.com/froxlor/froxlor/commit/0527f22dc942483430f8449e25a096bb8d683a5d"},{"reference_url":"https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b","reference_id":"3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:35:21Z/"}],"url":"https://huntr.dev/bounties/3a8f36ac-5eda-41e7-a9c4-e0f3d63e6e3b"},{"reference_url":"https://github.com/advisories/GHSA-w6qf-j4qr-f946","reference_id":"GHSA-w6qf-j4qr-f946","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6qf-j4qr-f946"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383928?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.0-beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0-beta1"}],"aliases":["CVE-2022-4868","GHSA-w6qf-j4qr-f946"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyny-xdxc-vyg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168779?format=json","vulnerability_id":"VCID-hhky-38kt-9fcd","summary":"Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4864","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54281","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4864"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4864","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4864"},{"reference_url":"https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b","reference_id":"b7140709-8f84-4f19-9463-78669fa2175b","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:45:46Z/"}],"url":"https://huntr.dev/bounties/b7140709-8f84-4f19-9463-78669fa2175b"},{"reference_url":"https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7","reference_id":"f2485ecd9aab8da544b5e12891d82ae6fcff5fc7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:45:46Z/"}],"url":"https://github.com/froxlor/froxlor/commit/f2485ecd9aab8da544b5e12891d82ae6fcff5fc7"},{"reference_url":"https://github.com/advisories/GHSA-3v7m-2jrh-vc93","reference_id":"GHSA-3v7m-2jrh-vc93","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3v7m-2jrh-vc93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383928?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.0-beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0-beta1"}],"aliases":["CVE-2022-4864","GHSA-3v7m-2jrh-vc93"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhky-38kt-9fcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151057?format=json","vulnerability_id":"VCID-hhmm-9bdt-fyb5","summary":"Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2034","reference_id":"","reference_type":"","scores":[{"value":"0.08952","scoring_system":"epss","scoring_elements":"0.92779","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2034"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2034","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2034"},{"reference_url":"https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6","reference_id":"aba6beaa-570e-4523-8128-da4d8e374ef6","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/"}],"url":"https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6","reference_id":"f36bc61fc74c85a21c8d31448198b11f96eb3bc6","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/"}],"url":"https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6"},{"reference_url":"https://github.com/advisories/GHSA-qwvp-g9j7-28f6","reference_id":"GHSA-qwvp-g9j7-28f6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwvp-g9j7-28f6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379375?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.14"}],"aliases":["CVE-2023-2034","GHSA-qwvp-g9j7-28f6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhmm-9bdt-fyb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147964?format=json","vulnerability_id":"VCID-hr4y-q8gp-5ua5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0566","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5405","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0566"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0566","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0566"},{"reference_url":"https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49","reference_id":"8339e4f1-d430-4845-81b5-36dd9fcdac49","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-28T15:44:01Z/"}],"url":"https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49"},{"reference_url":"https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876","reference_id":"bd5b99dc1c06f594b9563d459a50bf3b32504876","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-28T15:44:01Z/"}],"url":"https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876"},{"reference_url":"https://github.com/advisories/GHSA-w7w4-qjgg-372x","reference_id":"GHSA-w7w4-qjgg-372x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7w4-qjgg-372x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379862?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10"}],"aliases":["CVE-2023-0566","GHSA-w7w4-qjgg-372x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hr4y-q8gp-5ua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148659?format=json","vulnerability_id":"VCID-hs15-esbz-bfhb","summary":"Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0671","reference_id":"","reference_type":"","scores":[{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.67007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0671"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0671","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0671"},{"reference_url":"https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc","reference_id":"0034681412057fef2dfe9cce9f8a6e3321f52edc","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-25T20:12:38Z/"}],"url":"https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc"},{"reference_url":"https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de","reference_id":"c2a84917-7ac0-4169-81c1-b61e617023de","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-25T20:12:38Z/"}],"url":"https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de"},{"reference_url":"https://github.com/advisories/GHSA-9fqc-9cpr-w73q","reference_id":"GHSA-9fqc-9cpr-w73q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fqc-9cpr-w73q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379862?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10"}],"aliases":["CVE-2023-0671","GHSA-9fqc-9cpr-w73q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs15-esbz-bfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118076?format=json","vulnerability_id":"VCID-jvvz-9twe-8fb1","summary":"Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48958","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38218","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48958"},{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48958","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48958"},{"reference_url":"https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e","reference_id":"86947633-3e7c-4e10-86cc-92e577761e8e","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/"}],"url":"https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a","reference_id":"fde43f80600f1035e1e3d2297411b666d805549a","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/"}],"url":"https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a"},{"reference_url":"https://github.com/advisories/GHSA-26xq-m8xw-6373","reference_id":"GHSA-26xq-m8xw-6373","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-26xq-m8xw-6373"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373","reference_id":"GHSA-26xq-m8xw-6373","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378109?format=json","purl":"pkg:composer/froxlor/froxlor@2.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6"}],"aliases":["CVE-2025-48958","GHSA-26xq-m8xw-6373"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvz-9twe-8fb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148470?format=json","vulnerability_id":"VCID-mgwv-2pj5-pqav","summary":"Path Traversal: '\\..\\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0316","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50264","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0316"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0316","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0316"},{"reference_url":"https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e","reference_id":"983d9294603925018225d672795bd8b4a526f41e","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:08:55Z/"}],"url":"https://github.com/froxlor/froxlor/commit/983d9294603925018225d672795bd8b4a526f41e"},{"reference_url":"https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244","reference_id":"c190e42a-4806-47aa-aa1e-ff5d6407e244","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:08:55Z/"}],"url":"https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244"},{"reference_url":"https://github.com/advisories/GHSA-xp3g-2729-rxm3","reference_id":"GHSA-xp3g-2729-rxm3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xp3g-2729-rxm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380013?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-2mym-uwpj-v3he"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-d48t-6m2w-s7h2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-hr4y-q8gp-5ua5"},{"vulnerability":"VCID-hs15-esbz-bfhb"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-p242-zj5r-7faw"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-unh1-2xmh-qbcs"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.0"}],"aliases":["CVE-2023-0316","GHSA-xp3g-2729-rxm3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgwv-2pj5-pqav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80672?format=json","vulnerability_id":"VCID-nbu9-sey3-w7es","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to `validateLocalDomainOwnership()`. This causes the ownership check to always pass for non-existent \"domains,\" allowing any authenticated customer to add sender aliases for email addresses on domains belonging to other customers. Postfix's `sender_login_maps` then authorizes the attacker to send emails as those addresses. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41232","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12181","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41232"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41232","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41232"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a","reference_id":"77d04badf549d5f8429828f0fbc69bc37a35e07a","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/"}],"url":"https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a"},{"reference_url":"https://github.com/advisories/GHSA-vmjj-qr7v-pxm6","reference_id":"GHSA-vmjj-qr7v-pxm6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmjj-qr7v-pxm6"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6","reference_id":"GHSA-vmjj-qr7v-pxm6","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41232","GHSA-vmjj-qr7v-pxm6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbu9-sey3-w7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144275?format=json","vulnerability_id":"VCID-nf6w-t7ew-ryde","summary":"Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1033","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42976","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1033"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1033","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1033"},{"reference_url":"https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950","reference_id":"4003a8d2b60728a77476d1d4f5aa5c635f128950","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:36:54Z/"}],"url":"https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950"},{"reference_url":"https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387","reference_id":"ba3cd929-8b60-4d8d-b77d-f28409ecf387","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:36:54Z/"}],"url":"https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387"},{"reference_url":"https://github.com/advisories/GHSA-p7qq-rrvw-x55x","reference_id":"GHSA-p7qq-rrvw-x55x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p7qq-rrvw-x55x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380400?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.11"}],"aliases":["CVE-2023-1033","GHSA-p7qq-rrvw-x55x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf6w-t7ew-ryde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148288?format=json","vulnerability_id":"VCID-p242-zj5r-7faw","summary":"Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0315","reference_id":"","reference_type":"","scores":[{"value":"0.89127","scoring_system":"epss","scoring_elements":"0.99552","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0315"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0315","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0315"},{"reference_url":"https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a","reference_id":"090cfc26f2722ac3036cc7fd1861955bc36f065a","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/"}],"url":"https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51263.py","reference_id":"CVE-2023-0315","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51263.py"},{"reference_url":"https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943","reference_id":"ff4e177b-ba48-4913-bbfa-ab8ce0db5943","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/"}],"url":"https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943"},{"reference_url":"http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html","reference_id":"Froxlor-2.0.3-Stable-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/"}],"url":"http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html","reference_id":"Froxlor-2.0.6-Remote-Command-Execution.html","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:09:43Z/"}],"url":"http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html"},{"reference_url":"https://github.com/advisories/GHSA-cp68-42pf-6627","reference_id":"GHSA-cp68-42pf-6627","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cp68-42pf-6627"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379955?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-2mym-uwpj-v3he"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-d48t-6m2w-s7h2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-hr4y-q8gp-5ua5"},{"vulnerability":"VCID-hs15-esbz-bfhb"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-unh1-2xmh-qbcs"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.8"}],"aliases":["CVE-2023-0315","GHSA-cp68-42pf-6627"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p242-zj5r-7faw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211256?format=json","vulnerability_id":"VCID-p627-qr92-mkdp","summary":"Froxlor vulnerable to Cross-Site Request Forgery (CSRF)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3017","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29031","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3017"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a"},{"reference_url":"https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3017","reference_id":"CVE-2022-3017","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3017"},{"reference_url":"https://github.com/advisories/GHSA-9xgp-3mxp-rv7x","reference_id":"GHSA-9xgp-3mxp-rv7x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xgp-3mxp-rv7x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25898?format=json","purl":"pkg:composer/froxlor/froxlor@0.10.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-2mym-uwpj-v3he"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-8c8t-7j1p-3baa"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-d48t-6m2w-s7h2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-gxb4-1jgt-z3a8"},{"vulnerability":"VCID-gyny-xdxc-vyg7"},{"vulnerability":"VCID-hhky-38kt-9fcd"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-hr4y-q8gp-5ua5"},{"vulnerability":"VCID-hs15-esbz-bfhb"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-mgwv-2pj5-pqav"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-p242-zj5r-7faw"},{"vulnerability":"VCID-qyzq-4avu-zugu"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-unh1-2xmh-qbcs"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.38"}],"aliases":["CVE-2022-3017","GHSA-9xgp-3mxp-rv7x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p627-qr92-mkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174943?format=json","vulnerability_id":"VCID-qyzq-4avu-zugu","summary":"Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3869","reference_id":"","reference_type":"","scores":[{"value":"0.14857","scoring_system":"epss","scoring_elements":"0.94675","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3869"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8","reference_id":"3f10a4adede9df83408d60ded78b51b812a763a8","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-05T20:27:39Z/"}],"url":"https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8"},{"reference_url":"https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b","reference_id":"7de20f21-4a9b-445d-ae2b-15ade648900b","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-05T20:27:39Z/"}],"url":"https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3869","reference_id":"CVE-2022-3869","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3869"},{"reference_url":"https://github.com/advisories/GHSA-6rjv-xxgr-v57x","reference_id":"GHSA-6rjv-xxgr-v57x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rjv-xxgr-v57x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27761?format=json","purl":"pkg:composer/froxlor/froxlor@0.10.38%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.38%252B2"}],"aliases":["CVE-2022-3869","GHSA-6rjv-xxgr-v57x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyzq-4avu-zugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70796?format=json","vulnerability_id":"VCID-rw5a-bgxw-bfbd","summary":"Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the panel.adminmail setting. This value is later concatenated into a shell command executed as root by a cron job, where the pipe character | is explicitly whitelisted. The result is full root-level Remote Code Execution. This vulnerability is fixed in 2.3.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26279","reference_id":"","reference_type":"","scores":[{"value":"0.009","scoring_system":"epss","scoring_elements":"0.76119","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26279"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343","reference_id":"22249677107f8f39f8d4a238605641e87dab4343","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/"}],"url":"https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.4","reference_id":"2.3.4","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26279","reference_id":"CVE-2026-26279","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26279"},{"reference_url":"https://github.com/advisories/GHSA-33mp-8p67-xj7c","reference_id":"GHSA-33mp-8p67-xj7c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33mp-8p67-xj7c"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c","reference_id":"GHSA-33mp-8p67-xj7c","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40093?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.4"}],"aliases":["CVE-2026-26279","GHSA-33mp-8p67-xj7c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rw5a-bgxw-bfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133459?format=json","vulnerability_id":"VCID-tk6b-p759-jyfv","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5564","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18558","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5564"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5564","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5564"},{"reference_url":"https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c","reference_id":"9254d8f3-a847-4ae8-8477-d2ce027cff5c","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/"}],"url":"https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c"},{"reference_url":"https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa","reference_id":"e8ed43056c1665522a586e3485da67f2bdf073aa","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/"}],"url":"https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa"},{"reference_url":"https://github.com/advisories/GHSA-j5hq-6frc-64v3","reference_id":"GHSA-j5hq-6frc-64v3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5hq-6frc-64v3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379319?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0-dev1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-dev1"}],"aliases":["CVE-2023-5564","GHSA-j5hq-6frc-64v3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk6b-p759-jyfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80953?format=json","vulnerability_id":"VCID-tvgb-xmfz-tuf6","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have the `customers_see_all` permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota (since the wrong admin's `domains_used` counter is incremented) and potentially exhausting another admin's quota. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41233","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17011","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41233"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41233","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41233"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5","reference_id":"bf47ba15329506e9f9662f9462463932aa80dff5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/"}],"url":"https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5"},{"reference_url":"https://github.com/advisories/GHSA-jvx4-xv3m-hrj4","reference_id":"GHSA-jvx4-xv3m-hrj4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx4-xv3m-hrj4"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4","reference_id":"GHSA-jvx4-xv3m-hrj4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41233","GHSA-jvx4-xv3m-hrj4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvgb-xmfz-tuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212215?format=json","vulnerability_id":"VCID-u4pt-mr2z-j3f2","summary":"Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>","references":[{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910"},{"reference_url":"https://github.com/advisories/GHSA-34qg-65m4-f23m","reference_id":"GHSA-34qg-65m4-f23m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-34qg-65m4-f23m"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m","reference_id":"GHSA-34qg-65m4-f23m","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33112?format=json","purl":"pkg:composer/froxlor/froxlor@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.0"}],"aliases":["GHSA-34qg-65m4-f23m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4pt-mr2z-j3f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148259?format=json","vulnerability_id":"VCID-unh1-2xmh-qbcs","summary":"Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0564","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39641","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0564"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0564","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0564"},{"reference_url":"https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a","reference_id":"2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:46:07Z/"}],"url":"https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a"},{"reference_url":"https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6","reference_id":"a4f86d6f-0d5d-428d-a4b3-551b20a21ce6","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:46:07Z/"}],"url":"https://huntr.dev/bounties/a4f86d6f-0d5d-428d-a4b3-551b20a21ce6"},{"reference_url":"https://github.com/advisories/GHSA-pm72-27mg-fc28","reference_id":"GHSA-pm72-27mg-fc28","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pm72-27mg-fc28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379862?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.10"}],"aliases":["CVE-2023-0564","GHSA-pm72-27mg-fc28"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unh1-2xmh-qbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151443?format=json","vulnerability_id":"VCID-vbvy-j84s-zygu","summary":"Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3172","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53671","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3172"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3172","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3172"},{"reference_url":"https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e","reference_id":"da810ea95393dfaec68a70e30b7c887c50563a7e","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/"}],"url":"https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e"},{"reference_url":"https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e","reference_id":"e50966cd-9222-46b9-aedc-1feb3f2a0b0e","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/"}],"url":"https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e"},{"reference_url":"https://github.com/advisories/GHSA-ghqq-jfx7-f6m9","reference_id":"GHSA-ghqq-jfx7-f6m9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghqq-jfx7-f6m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381608?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20"}],"aliases":["CVE-2023-3172","GHSA-ghqq-jfx7-f6m9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbvy-j84s-zygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80698?format=json","vulnerability_id":"VCID-w7xv-k4rd-v7bq","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41231","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24972","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41231"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41231","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41231"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d","reference_id":"2987b0e8806ef12b532410050ad76d13d673a87d","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/"}],"url":"https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d"},{"reference_url":"https://github.com/advisories/GHSA-75h4-c557-j89r","reference_id":"GHSA-75h4-c557-j89r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75h4-c557-j89r"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r","reference_id":"GHSA-75h4-c557-j89r","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41231","GHSA-75h4-c557-j89r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7xv-k4rd-v7bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146649?format=json","vulnerability_id":"VCID-x93s-u6kq-fbbe","summary":"Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50256","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18731","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50256"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4","reference_id":"289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/"}],"url":"https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4"},{"reference_url":"https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac","reference_id":"4b1846883d4828962add91bd844596d89a9c7cac","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/"}],"url":"https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50256","reference_id":"CVE-2023-50256","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50256"},{"reference_url":"https://github.com/advisories/GHSA-625g-fm5w-w7w4","reference_id":"GHSA-625g-fm5w-w7w4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-625g-fm5w-w7w4"},{"reference_url":"https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4","reference_id":"GHSA-625g-fm5w-w7w4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/"}],"url":"https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28269?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.2"}],"aliases":["CVE-2023-50256","GHSA-625g-fm5w-w7w4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x93s-u6kq-fbbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144856?format=json","vulnerability_id":"VCID-xpgs-hpf3-3qff","summary":"Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1307","reference_id":"","reference_type":"","scores":[{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65307","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1307"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1307","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1307"},{"reference_url":"https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1","reference_id":"5fe85af4-a667-41a9-a00d-f99e07c5e2f1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/"}],"url":"https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1"},{"reference_url":"https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23","reference_id":"6777fbf229200f4fd566022e186548391219ab23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/"}],"url":"https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23"},{"reference_url":"https://github.com/advisories/GHSA-j83x-r9qq-9g4v","reference_id":"GHSA-j83x-r9qq-9g4v","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j83x-r9qq-9g4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380998?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.13"}],"aliases":["CVE-2023-1307","GHSA-j83x-r9qq-9g4v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xpgs-hpf3-3qff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140366?format=json","vulnerability_id":"VCID-y4zg-wf1d-4bcm","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4829","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21795","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4829"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4829","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4829"},{"reference_url":"https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d","reference_id":"4711a414360782fe4fc94f7c25027077cbcdf73d","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/"}],"url":"https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d"},{"reference_url":"https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b","reference_id":"babd73ca-6c80-4145-8c7d-33a883fe606b","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/"}],"url":"https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b"},{"reference_url":"https://github.com/advisories/GHSA-cvwv-h85m-w37h","reference_id":"GHSA-cvwv-h85m-w37h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvwv-h85m-w37h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379183?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22"}],"aliases":["CVE-2023-4829","GHSA-cvwv-h85m-w37h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4zg-wf1d-4bcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/358320?format=json","vulnerability_id":"VCID-yqdf-v5wf-j3bj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6069","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56855","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6069"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"},{"reference_url":"https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6069","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6069"},{"reference_url":"https://github.com/advisories/GHSA-4jch-8qq5-hqg6","reference_id":"GHSA-4jch-8qq5-hqg6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jch-8qq5-hqg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381051?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/381932?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0"}],"aliases":["CVE-2023-6069","GHSA-4jch-8qq5-hqg6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdf-v5wf-j3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151505?format=json","vulnerability_id":"VCID-zrvp-d87z-p7dy","summary":"Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3668","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28011","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3668"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3668","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3668"},{"reference_url":"https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965","reference_id":"03b5a921ff308eeab21bf9d240f27783c8591965","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/"}],"url":"https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965"},{"reference_url":"https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e","reference_id":"df8cccf4-a340-440e-a7e0-1b42e757d66e","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/"}],"url":"https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e"},{"reference_url":"https://github.com/advisories/GHSA-c6v5-pf66-xfq8","reference_id":"GHSA-c6v5-pf66-xfq8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6v5-pf66-xfq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381578?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.21"}],"aliases":["CVE-2023-3668","GHSA-c6v5-pf66-xfq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrvp-d87z-p7dy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210548?format=json","vulnerability_id":"VCID-e8hu-xceh-cygy","summary":"Froxlor SQL injection vulnerability","references":[{"reference_url":"http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42325","reference_id":"","reference_type":"","scores":[{"value":"0.05516","scoring_system":"epss","scoring_elements":"0.90449","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42325"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782"},{"reference_url":"https://www.exploit-db.com/exploits/50502","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/50502"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50502.txt","reference_id":"CVE-2021-42325","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50502.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42325","reference_id":"CVE-2021-42325","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42325"},{"reference_url":"https://github.com/advisories/GHSA-6fvw-x6gw-4wv8","reference_id":"GHSA-6fvw-x6gw-4wv8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fvw-x6gw-4wv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23706?format=json","purl":"pkg:composer/froxlor/froxlor@0.10.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13gb-yr6z-n7cc"},{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-2mym-uwpj-v3he"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-44fu-9q5x-uuf8"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-8c8t-7j1p-3baa"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-d48t-6m2w-s7h2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-gxb4-1jgt-z3a8"},{"vulnerability":"VCID-gyny-xdxc-vyg7"},{"vulnerability":"VCID-hhky-38kt-9fcd"},{"vulnerability":"VCID-hhmm-9bdt-fyb5"},{"vulnerability":"VCID-hr4y-q8gp-5ua5"},{"vulnerability":"VCID-hs15-esbz-bfhb"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-mgwv-2pj5-pqav"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-nf6w-t7ew-ryde"},{"vulnerability":"VCID-p242-zj5r-7faw"},{"vulnerability":"VCID-p627-qr92-mkdp"},{"vulnerability":"VCID-qyzq-4avu-zugu"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-unh1-2xmh-qbcs"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-xpgs-hpf3-3qff"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.30"}],"aliases":["CVE-2021-42325","GHSA-6fvw-x6gw-4wv8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8hu-xceh-cygy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@0.10.30"}