{"url":"http://public2.vulnerablecode.io/api/packages/382068?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.16","type":"composer","namespace":"froxlor","name":"froxlor","version":"2.0.16","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.3.7","latest_non_vulnerable_version":"2.3.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66448?format=json","vulnerability_id":"VCID-1rwn-9phn-kkb4","summary":"Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30932","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07562","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07584","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07598","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07593","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30932"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.5","reference_id":"2.3.5","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.5"},{"reference_url":"https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b","reference_id":"b34829262dc32818b37f6a1eabb426d0b277a86b","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/"}],"url":"https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30932","reference_id":"CVE-2026-30932","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30932"},{"reference_url":"https://github.com/advisories/GHSA-x6w6-2xwp-3jh6","reference_id":"GHSA-x6w6-2xwp-3jh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6w6-2xwp-3jh6"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6","reference_id":"GHSA-x6w6-2xwp-3jh6","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374976?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.5"}],"aliases":["CVE-2026-30932","GHSA-x6w6-2xwp-3jh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rwn-9phn-kkb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140156?format=json","vulnerability_id":"VCID-38ph-pcue-zydu","summary":"Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4304","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46923","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46919","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46938","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46782","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4304"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4304","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4304"},{"reference_url":"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9","reference_id":"59fe5037-b253-4b0f-be69-1d2e4af8b4a9","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/"}],"url":"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"},{"reference_url":"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597","reference_id":"ce9a5f97a3edb30c7d33878765d3c014a6583597","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/"}],"url":"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"},{"reference_url":"https://github.com/advisories/GHSA-9rmf-6qgj-g3wj","reference_id":"GHSA-9rmf-6qgj-g3wj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9rmf-6qgj-g3wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379183?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22"}],"aliases":["CVE-2023-4304","GHSA-9rmf-6qgj-g3wj"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38ph-pcue-zydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108866?format=json","vulnerability_id":"VCID-7e6h-qe19-jken","summary":"Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29773","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25531","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25515","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25512","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25314","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29773"},{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29773","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29773"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623","reference_id":"a43d53d54034805e3e404702a01312fa0c40b623","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/"}],"url":"https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623"},{"reference_url":"https://github.com/advisories/GHSA-7j6w-p859-464f","reference_id":"GHSA-7j6w-p859-464f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7j6w-p859-464f"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f","reference_id":"GHSA-7j6w-p859-464f","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f"},{"reference_url":"https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ","reference_id":"h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/"}],"url":"https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378109?format=json","purl":"pkg:composer/froxlor/froxlor@2.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6"}],"aliases":["CVE-2025-29773","GHSA-7j6w-p859-464f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7e6h-qe19-jken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80823?format=json","vulnerability_id":"VCID-9t9n-1hhp-3yga","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which is stored in the database. On subsequent requests, `Language::loadLanguage()` constructs a file path using this value and executes it via `require`, achieving arbitrary PHP code execution as the web server user. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41228","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24712","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24906","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24911","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24922","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41228"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41228","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41228"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c","reference_id":"bc5e6dbaa90e6f3573129da640595e8c770e1d0c","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/"}],"url":"https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c"},{"reference_url":"https://github.com/advisories/GHSA-w59f-67xm-rxx7","reference_id":"GHSA-w59f-67xm-rxx7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w59f-67xm-rxx7"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7","reference_id":"GHSA-w59f-67xm-rxx7","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41228","GHSA-w59f-67xm-rxx7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t9n-1hhp-3yga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80673?format=json","vulnerability_id":"VCID-atns-wuzm-kqh2","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g., `NAPTR`, `PTR`, `HINFO`), content validation is entirely bypassed. Embedded newline characters in the content survive `trim()` processing, are stored in the database, and are written directly into BIND zone files via `DnsEntry::__toString()`. An authenticated customer can inject arbitrary DNS records and BIND directives (`$INCLUDE`, `$ORIGIN`, `$GENERATE`) into their domain's zone file. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41230","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18253","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18414","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18416","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18437","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41230"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41230","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41230"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442","reference_id":"47a8af5d9523cb6ec94567405cfc2e294d3a1442","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/"}],"url":"https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442"},{"reference_url":"https://github.com/advisories/GHSA-47hf-23pw-3m8c","reference_id":"GHSA-47hf-23pw-3m8c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47hf-23pw-3m8c"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c","reference_id":"GHSA-47hf-23pw-3m8c","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41230","GHSA-47hf-23pw-3m8c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atns-wuzm-kqh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49786?format=json","vulnerability_id":"VCID-dptm-3z1r-bubj","summary":"Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs.  By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34070","reference_id":"","reference_type":"","scores":[{"value":"0.00976","scoring_system":"epss","scoring_elements":"0.77122","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00976","scoring_system":"epss","scoring_elements":"0.77197","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00976","scoring_system":"epss","scoring_elements":"0.77193","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00976","scoring_system":"epss","scoring_elements":"0.77205","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34070"},{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6","reference_id":"a862307bce5cdfb1c208b835f3e8faddd23046e6","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/"}],"url":"https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34070","reference_id":"CVE-2024-34070","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34070"},{"reference_url":"https://github.com/advisories/GHSA-x525-54hf-xr53","reference_id":"GHSA-x525-54hf-xr53","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x525-54hf-xr53"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53","reference_id":"GHSA-x525-54hf-xr53","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30983?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.9"}],"aliases":["CVE-2024-34070","GHSA-x525-54hf-xr53"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dptm-3z1r-bubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80834?format=json","vulnerability_id":"VCID-ebbm-gvf6-xfbd","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/userdata.inc.php`. Since this file is `require`d on every request via `Database::getDB()`, an attacker can inject arbitrary PHP code that executes as the web server user on every subsequent page load. Version 2.3.6 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41229","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2754","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27758","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27743","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27768","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41229"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41229","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41229"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae","reference_id":"3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/"}],"url":"https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae"},{"reference_url":"https://github.com/advisories/GHSA-gc9w-cc93-rjv8","reference_id":"GHSA-gc9w-cc93-rjv8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc9w-cc93-rjv8"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8","reference_id":"GHSA-gc9w-cc93-rjv8","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41229","GHSA-gc9w-cc93-rjv8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebbm-gvf6-xfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151663?format=json","vulnerability_id":"VCID-f15s-unrj-57ax","summary":"Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3192","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36562","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36573","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36727","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38195","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3192"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3192","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3192"},{"reference_url":"https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52","reference_id":"94d9c3eedf31bc8447e3aa349e32880dde02ee52","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/"}],"url":"https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"},{"reference_url":"https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551","reference_id":"f3644772-9c86-4f55-a0fa-aeb11f411551","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/"}],"url":"https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"},{"reference_url":"https://github.com/advisories/GHSA-jr66-9ghf-6gp3","reference_id":"GHSA-jr66-9ghf-6gp3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jr66-9ghf-6gp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381932?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0"}],"aliases":["CVE-2023-3192","GHSA-jr66-9ghf-6gp3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f15s-unrj-57ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151293?format=json","vulnerability_id":"VCID-gfgb-su1s-ubaj","summary":"Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3173","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.335","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33676","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.3368","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33702","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3173"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3173","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3173"},{"reference_url":"https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6","reference_id":"464216072456efb35b4541c58e7016463dfbd9a6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/"}],"url":"https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6"},{"reference_url":"https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14","reference_id":"4d715f76-950d-4251-8139-3dffea798f14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/"}],"url":"https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14"},{"reference_url":"https://github.com/advisories/GHSA-chw4-88xc-79w6","reference_id":"GHSA-chw4-88xc-79w6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chw4-88xc-79w6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381608?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20"}],"aliases":["CVE-2023-3173","GHSA-chw4-88xc-79w6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfgb-su1s-ubaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118076?format=json","vulnerability_id":"VCID-jvvz-9twe-8fb1","summary":"Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48958","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38415","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38403","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38392","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38218","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48958"},{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48958","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48958"},{"reference_url":"https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e","reference_id":"86947633-3e7c-4e10-86cc-92e577761e8e","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/"}],"url":"https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a","reference_id":"fde43f80600f1035e1e3d2297411b666d805549a","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/"}],"url":"https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a"},{"reference_url":"https://github.com/advisories/GHSA-26xq-m8xw-6373","reference_id":"GHSA-26xq-m8xw-6373","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-26xq-m8xw-6373"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373","reference_id":"GHSA-26xq-m8xw-6373","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378109?format=json","purl":"pkg:composer/froxlor/froxlor@2.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6"}],"aliases":["CVE-2025-48958","GHSA-26xq-m8xw-6373"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvz-9twe-8fb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80672?format=json","vulnerability_id":"VCID-nbu9-sey3-w7es","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to `validateLocalDomainOwnership()`. This causes the ownership check to always pass for non-existent \"domains,\" allowing any authenticated customer to add sender aliases for email addresses on domains belonging to other customers. Postfix's `sender_login_maps` then authorizes the attacker to send emails as those addresses. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41232","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12259","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12181","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1228","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12274","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41232"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41232","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41232"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a","reference_id":"77d04badf549d5f8429828f0fbc69bc37a35e07a","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/"}],"url":"https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a"},{"reference_url":"https://github.com/advisories/GHSA-vmjj-qr7v-pxm6","reference_id":"GHSA-vmjj-qr7v-pxm6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmjj-qr7v-pxm6"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6","reference_id":"GHSA-vmjj-qr7v-pxm6","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41232","GHSA-vmjj-qr7v-pxm6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbu9-sey3-w7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70796?format=json","vulnerability_id":"VCID-rw5a-bgxw-bfbd","summary":"Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the panel.adminmail setting. This value is later concatenated into a shell command executed as root by a cron job, where the pipe character | is explicitly whitelisted. The result is full root-level Remote Code Execution. This vulnerability is fixed in 2.3.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26279","reference_id":"","reference_type":"","scores":[{"value":"0.009","scoring_system":"epss","scoring_elements":"0.76198","published_at":"2026-06-14T12:55:00Z"},{"value":"0.009","scoring_system":"epss","scoring_elements":"0.76204","published_at":"2026-06-13T12:55:00Z"},{"value":"0.009","scoring_system":"epss","scoring_elements":"0.76191","published_at":"2026-06-12T12:55:00Z"},{"value":"0.009","scoring_system":"epss","scoring_elements":"0.76119","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26279"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343","reference_id":"22249677107f8f39f8d4a238605641e87dab4343","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/"}],"url":"https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.4","reference_id":"2.3.4","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26279","reference_id":"CVE-2026-26279","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26279"},{"reference_url":"https://github.com/advisories/GHSA-33mp-8p67-xj7c","reference_id":"GHSA-33mp-8p67-xj7c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33mp-8p67-xj7c"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c","reference_id":"GHSA-33mp-8p67-xj7c","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/"}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40093?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.4"}],"aliases":["CVE-2026-26279","GHSA-33mp-8p67-xj7c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rw5a-bgxw-bfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133459?format=json","vulnerability_id":"VCID-tk6b-p759-jyfv","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5564","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18716","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18721","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18739","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18558","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5564"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5564","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5564"},{"reference_url":"https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c","reference_id":"9254d8f3-a847-4ae8-8477-d2ce027cff5c","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/"}],"url":"https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c"},{"reference_url":"https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa","reference_id":"e8ed43056c1665522a586e3485da67f2bdf073aa","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/"}],"url":"https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa"},{"reference_url":"https://github.com/advisories/GHSA-j5hq-6frc-64v3","reference_id":"GHSA-j5hq-6frc-64v3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5hq-6frc-64v3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379319?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0-dev1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-dev1"}],"aliases":["CVE-2023-5564","GHSA-j5hq-6frc-64v3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk6b-p759-jyfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80953?format=json","vulnerability_id":"VCID-tvgb-xmfz-tuf6","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have the `customers_see_all` permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota (since the wrong admin's `domains_used` counter is incremented) and potentially exhausting another admin's quota. Version 2.3.6 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41233","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17011","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17153","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17167","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17179","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41233"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41233","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41233"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5","reference_id":"bf47ba15329506e9f9662f9462463932aa80dff5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/"}],"url":"https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5"},{"reference_url":"https://github.com/advisories/GHSA-jvx4-xv3m-hrj4","reference_id":"GHSA-jvx4-xv3m-hrj4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx4-xv3m-hrj4"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4","reference_id":"GHSA-jvx4-xv3m-hrj4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41233","GHSA-jvx4-xv3m-hrj4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvgb-xmfz-tuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212215?format=json","vulnerability_id":"VCID-u4pt-mr2z-j3f2","summary":"Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>","references":[{"reference_url":"https://github.com/froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor"},{"reference_url":"https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075"},{"reference_url":"https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910"},{"reference_url":"https://github.com/advisories/GHSA-34qg-65m4-f23m","reference_id":"GHSA-34qg-65m4-f23m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-34qg-65m4-f23m"},{"reference_url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m","reference_id":"GHSA-34qg-65m4-f23m","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33112?format=json","purl":"pkg:composer/froxlor/froxlor@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.0"}],"aliases":["GHSA-34qg-65m4-f23m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4pt-mr2z-j3f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151443?format=json","vulnerability_id":"VCID-vbvy-j84s-zygu","summary":"Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3172","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53797","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53813","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53671","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3172"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3172","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3172"},{"reference_url":"https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e","reference_id":"da810ea95393dfaec68a70e30b7c887c50563a7e","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/"}],"url":"https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e"},{"reference_url":"https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e","reference_id":"e50966cd-9222-46b9-aedc-1feb3f2a0b0e","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/"}],"url":"https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e"},{"reference_url":"https://github.com/advisories/GHSA-ghqq-jfx7-f6m9","reference_id":"GHSA-ghqq-jfx7-f6m9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghqq-jfx7-f6m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381608?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20"}],"aliases":["CVE-2023-3172","GHSA-ghqq-jfx7-f6m9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbvy-j84s-zygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80698?format=json","vulnerability_id":"VCID-w7xv-k4rd-v7bq","summary":"Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41231","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24972","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25172","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30399","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30411","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41231"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41231","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41231"},{"reference_url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6","reference_id":"2.3.6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/"}],"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.6"},{"reference_url":"https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d","reference_id":"2987b0e8806ef12b532410050ad76d13d673a87d","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/"}],"url":"https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d"},{"reference_url":"https://github.com/advisories/GHSA-75h4-c557-j89r","reference_id":"GHSA-75h4-c557-j89r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75h4-c557-j89r"},{"reference_url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r","reference_id":"GHSA-75h4-c557-j89r","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/"}],"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41711?format=json","purl":"pkg:composer/froxlor/froxlor@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-46tt-1n8z-xuct"},{"vulnerability":"VCID-kjsn-vrac-67f9"},{"vulnerability":"VCID-uyv2-5ka7-pufp"},{"vulnerability":"VCID-vvvf-273x-s3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6"}],"aliases":["CVE-2026-41231","GHSA-75h4-c557-j89r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7xv-k4rd-v7bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146649?format=json","vulnerability_id":"VCID-x93s-u6kq-fbbe","summary":"Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50256","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18894","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18888","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18731","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18912","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50256"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4","reference_id":"289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/"}],"url":"https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4"},{"reference_url":"https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac","reference_id":"4b1846883d4828962add91bd844596d89a9c7cac","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/"}],"url":"https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50256","reference_id":"CVE-2023-50256","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50256"},{"reference_url":"https://github.com/advisories/GHSA-625g-fm5w-w7w4","reference_id":"GHSA-625g-fm5w-w7w4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-625g-fm5w-w7w4"},{"reference_url":"https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4","reference_id":"GHSA-625g-fm5w-w7w4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/"}],"url":"https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28269?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.2"}],"aliases":["CVE-2023-50256","GHSA-625g-fm5w-w7w4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x93s-u6kq-fbbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140366?format=json","vulnerability_id":"VCID-y4zg-wf1d-4bcm","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4829","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21984","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21972","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21996","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21795","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4829"},{"reference_url":"https://github.com/Froxlor/Froxlor","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Froxlor/Froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4829","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4829"},{"reference_url":"https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d","reference_id":"4711a414360782fe4fc94f7c25027077cbcdf73d","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/"}],"url":"https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d"},{"reference_url":"https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b","reference_id":"babd73ca-6c80-4145-8c7d-33a883fe606b","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/"}],"url":"https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b"},{"reference_url":"https://github.com/advisories/GHSA-cvwv-h85m-w37h","reference_id":"GHSA-cvwv-h85m-w37h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvwv-h85m-w37h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379183?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22"}],"aliases":["CVE-2023-4829","GHSA-cvwv-h85m-w37h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4zg-wf1d-4bcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/358320?format=json","vulnerability_id":"VCID-yqdf-v5wf-j3bj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6069","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56855","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56975","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.5699","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56981","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6069"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"},{"reference_url":"https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6069","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6069"},{"reference_url":"https://github.com/advisories/GHSA-4jch-8qq5-hqg6","reference_id":"GHSA-4jch-8qq5-hqg6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jch-8qq5-hqg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381051?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/381932?format=json","purl":"pkg:composer/froxlor/froxlor@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0"}],"aliases":["CVE-2023-6069","GHSA-4jch-8qq5-hqg6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdf-v5wf-j3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151505?format=json","vulnerability_id":"VCID-zrvp-d87z-p7dy","summary":"Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3668","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28011","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28225","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28211","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28234","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3668"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3668","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3668"},{"reference_url":"https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965","reference_id":"03b5a921ff308eeab21bf9d240f27783c8591965","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/"}],"url":"https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965"},{"reference_url":"https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e","reference_id":"df8cccf4-a340-440e-a7e0-1b42e757d66e","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/"}],"url":"https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e"},{"reference_url":"https://github.com/advisories/GHSA-c6v5-pf66-xfq8","reference_id":"GHSA-c6v5-pf66-xfq8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6v5-pf66-xfq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381578?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.21"}],"aliases":["CVE-2023-3668","GHSA-c6v5-pf66-xfq8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrvp-d87z-p7dy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150740?format=json","vulnerability_id":"VCID-44fu-9q5x-uuf8","summary":"Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2666","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4409","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44251","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44244","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44263","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2666"},{"reference_url":"https://github.com/froxlor/froxlor","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froxlor/froxlor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2666","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2666"},{"reference_url":"https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f","reference_id":"0bbdc9d4-d9dc-4490-93ef-0a83b451a20f","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/"}],"url":"https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f"},{"reference_url":"https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6","reference_id":"1679675aa1c29d24344dd2e091ff252accb111d6","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/"}],"url":"https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6"},{"reference_url":"https://github.com/advisories/GHSA-4gm9-c9jq-g523","reference_id":"GHSA-4gm9-c9jq-g523","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4gm9-c9jq-g523"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382068?format=json","purl":"pkg:composer/froxlor/froxlor@2.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rwn-9phn-kkb4"},{"vulnerability":"VCID-38ph-pcue-zydu"},{"vulnerability":"VCID-7e6h-qe19-jken"},{"vulnerability":"VCID-9t9n-1hhp-3yga"},{"vulnerability":"VCID-atns-wuzm-kqh2"},{"vulnerability":"VCID-dptm-3z1r-bubj"},{"vulnerability":"VCID-ebbm-gvf6-xfbd"},{"vulnerability":"VCID-f15s-unrj-57ax"},{"vulnerability":"VCID-gfgb-su1s-ubaj"},{"vulnerability":"VCID-jvvz-9twe-8fb1"},{"vulnerability":"VCID-nbu9-sey3-w7es"},{"vulnerability":"VCID-rw5a-bgxw-bfbd"},{"vulnerability":"VCID-tk6b-p759-jyfv"},{"vulnerability":"VCID-tvgb-xmfz-tuf6"},{"vulnerability":"VCID-u4pt-mr2z-j3f2"},{"vulnerability":"VCID-vbvy-j84s-zygu"},{"vulnerability":"VCID-w7xv-k4rd-v7bq"},{"vulnerability":"VCID-x93s-u6kq-fbbe"},{"vulnerability":"VCID-y4zg-wf1d-4bcm"},{"vulnerability":"VCID-yqdf-v5wf-j3bj"},{"vulnerability":"VCID-zrvp-d87z-p7dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.16"}],"aliases":["CVE-2023-2666","GHSA-4gm9-c9jq-g523"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44fu-9q5x-uuf8"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.16"}