Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/618385?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/618385?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.12", "type": "composer", "namespace": "froxlor", "name": "froxlor", "version": "2.0.12", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.3.7", "latest_non_vulnerable_version": "2.3.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66448?format=api", "vulnerability_id": "VCID-1rwn-9phn-kkb4", "summary": "Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07562", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07584", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07598", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07593", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30932" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.5", "reference_id": "2.3.5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.5" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b", "reference_id": "b34829262dc32818b37f6a1eabb426d0b277a86b", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30932", "reference_id": "CVE-2026-30932", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30932" }, { "reference_url": "https://github.com/advisories/GHSA-x6w6-2xwp-3jh6", "reference_id": "GHSA-x6w6-2xwp-3jh6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x6w6-2xwp-3jh6" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6", "reference_id": "GHSA-x6w6-2xwp-3jh6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:30:29Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374976?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.5" } ], "aliases": [ "CVE-2026-30932", "GHSA-x6w6-2xwp-3jh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rwn-9phn-kkb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140156?format=api", "vulnerability_id": "VCID-38ph-pcue-zydu", "summary": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46923", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46919", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46938", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46782", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4304" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4304", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4304" }, { "reference_url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9", "reference_id": "59fe5037-b253-4b0f-be69-1d2e4af8b4a9", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/" } ], "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597", "reference_id": "ce9a5f97a3edb30c7d33878765d3c014a6583597", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:04:29Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597" }, { "reference_url": "https://github.com/advisories/GHSA-9rmf-6qgj-g3wj", "reference_id": "GHSA-9rmf-6qgj-g3wj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9rmf-6qgj-g3wj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379183?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22" } ], "aliases": [ "CVE-2023-4304", "GHSA-9rmf-6qgj-g3wj" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38ph-pcue-zydu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150740?format=api", "vulnerability_id": "VCID-44fu-9q5x-uuf8", "summary": "Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4409", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44251", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44244", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44263", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2666" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2666", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2666" }, { "reference_url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", "reference_id": "0bbdc9d4-d9dc-4490-93ef-0a83b451a20f", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/" } ], "url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6", "reference_id": "1679675aa1c29d24344dd2e091ff252accb111d6", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-24T15:58:44Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6" }, { "reference_url": "https://github.com/advisories/GHSA-4gm9-c9jq-g523", "reference_id": "GHSA-4gm9-c9jq-g523", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4gm9-c9jq-g523" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382068?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.16" } ], "aliases": [ "CVE-2023-2666", "GHSA-4gm9-c9jq-g523" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44fu-9q5x-uuf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108866?format=api", "vulnerability_id": "VCID-7e6h-qe19-jken", "summary": "Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25531", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25515", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25512", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25314", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29773" }, { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29773", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29773" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623", "reference_id": "a43d53d54034805e3e404702a01312fa0c40b623", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/" } ], "url": "https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623" }, { "reference_url": "https://github.com/advisories/GHSA-7j6w-p859-464f", "reference_id": "GHSA-7j6w-p859-464f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j6w-p859-464f" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f", "reference_id": "GHSA-7j6w-p859-464f", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f" }, { "reference_url": "https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ", "reference_id": "h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-13T18:30:51Z/" } ], "url": "https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378109?format=api", "purl": "pkg:composer/froxlor/froxlor@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6" } ], "aliases": [ "CVE-2025-29773", "GHSA-7j6w-p859-464f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7e6h-qe19-jken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80823?format=api", "vulnerability_id": "VCID-9t9n-1hhp-3yga", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., `../../../../../var/customers/webs/customer1/evil`), which is stored in the database. On subsequent requests, `Language::loadLanguage()` constructs a file path using this value and executes it via `require`, achieving arbitrary PHP code execution as the web server user. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24712", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24906", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24911", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24922", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41228" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41228", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41228" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c", "reference_id": "bc5e6dbaa90e6f3573129da640595e8c770e1d0c", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/bc5e6dbaa90e6f3573129da640595e8c770e1d0c" }, { "reference_url": "https://github.com/advisories/GHSA-w59f-67xm-rxx7", "reference_id": "GHSA-w59f-67xm-rxx7", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w59f-67xm-rxx7" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7", "reference_id": "GHSA-w59f-67xm-rxx7", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:46:42Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-w59f-67xm-rxx7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41228", "GHSA-w59f-67xm-rxx7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9t9n-1hhp-3yga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80673?format=api", "vulnerability_id": "VCID-atns-wuzm-kqh2", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the `content` field. When a DNS type not covered by the if/elseif validation chain is submitted (e.g., `NAPTR`, `PTR`, `HINFO`), content validation is entirely bypassed. Embedded newline characters in the content survive `trim()` processing, are stored in the database, and are written directly into BIND zone files via `DnsEntry::__toString()`. An authenticated customer can inject arbitrary DNS records and BIND directives (`$INCLUDE`, `$ORIGIN`, `$GENERATE`) into their domain's zone file. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18253", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18414", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18416", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18437", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41230" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41230", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41230" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442", "reference_id": "47a8af5d9523cb6ec94567405cfc2e294d3a1442", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/47a8af5d9523cb6ec94567405cfc2e294d3a1442" }, { "reference_url": "https://github.com/advisories/GHSA-47hf-23pw-3m8c", "reference_id": "GHSA-47hf-23pw-3m8c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47hf-23pw-3m8c" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c", "reference_id": "GHSA-47hf-23pw-3m8c", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:58:05Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-47hf-23pw-3m8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41230", "GHSA-47hf-23pw-3m8c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atns-wuzm-kqh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49786?format=api", "vulnerability_id": "VCID-dptm-3z1r-bubj", "summary": "Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77122", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77197", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77193", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00976", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34070" }, { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6", "reference_id": "a862307bce5cdfb1c208b835f3e8faddd23046e6", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/" } ], "url": "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34070", "reference_id": "CVE-2024-34070", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34070" }, { "reference_url": "https://github.com/advisories/GHSA-x525-54hf-xr53", "reference_id": "GHSA-x525-54hf-xr53", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x525-54hf-xr53" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53", "reference_id": "GHSA-x525-54hf-xr53", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-10T20:22:17Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30983?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.9" } ], "aliases": [ "CVE-2024-34070", "GHSA-x525-54hf-xr53" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dptm-3z1r-bubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80834?format=api", "vulnerability_id": "VCID-ebbm-gvf6-xfbd", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/userdata.inc.php`. Since this file is `require`d on every request via `Database::getDB()`, an attacker can inject arbitrary PHP code that executes as the web server user on every subsequent page load. Version 2.3.6 contains a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2754", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27758", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27743", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27768", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41229" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41229", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41229" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae", "reference_id": "3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/3589ddf93ab59eb2a8971f0f56cbf6266d03c4ae" }, { "reference_url": "https://github.com/advisories/GHSA-gc9w-cc93-rjv8", "reference_id": "GHSA-gc9w-cc93-rjv8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc9w-cc93-rjv8" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8", "reference_id": "GHSA-gc9w-cc93-rjv8", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T12:31:11Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-gc9w-cc93-rjv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41229", "GHSA-gc9w-cc93-rjv8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebbm-gvf6-xfbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151663?format=api", "vulnerability_id": "VCID-f15s-unrj-57ax", "summary": "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36562", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36573", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36727", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38195", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3192" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3192", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3192" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52", "reference_id": "94d9c3eedf31bc8447e3aa349e32880dde02ee52", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52" }, { "reference_url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551", "reference_id": "f3644772-9c86-4f55-a0fa-aeb11f411551", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:04:10Z/" } ], "url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551" }, { "reference_url": "https://github.com/advisories/GHSA-jr66-9ghf-6gp3", "reference_id": "GHSA-jr66-9ghf-6gp3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jr66-9ghf-6gp3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381932?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0" } ], "aliases": [ "CVE-2023-3192", "GHSA-jr66-9ghf-6gp3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f15s-unrj-57ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151293?format=api", "vulnerability_id": "VCID-gfgb-su1s-ubaj", "summary": "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.335", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33676", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3368", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33702", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3173" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3173", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3173" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6", "reference_id": "464216072456efb35b4541c58e7016463dfbd9a6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6" }, { "reference_url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14", "reference_id": "4d715f76-950d-4251-8139-3dffea798f14", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-06T17:11:52Z/" } ], "url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14" }, { "reference_url": "https://github.com/advisories/GHSA-chw4-88xc-79w6", "reference_id": "GHSA-chw4-88xc-79w6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chw4-88xc-79w6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381608?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20" } ], "aliases": [ "CVE-2023-3173", "GHSA-chw4-88xc-79w6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfgb-su1s-ubaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151057?format=api", "vulnerability_id": "VCID-hhmm-9bdt-fyb5", "summary": "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08952", "scoring_system": "epss", "scoring_elements": "0.92779", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.08952", "scoring_system": "epss", "scoring_elements": "0.92806", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.08952", "scoring_system": "epss", "scoring_elements": "0.92804", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2034" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2034", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2034" }, { "reference_url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6", "reference_id": "aba6beaa-570e-4523-8128-da4d8e374ef6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/" } ], "url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6", "reference_id": "f36bc61fc74c85a21c8d31448198b11f96eb3bc6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T21:01:22Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6" }, { "reference_url": "https://github.com/advisories/GHSA-qwvp-g9j7-28f6", "reference_id": "GHSA-qwvp-g9j7-28f6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qwvp-g9j7-28f6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379375?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.14" } ], "aliases": [ "CVE-2023-2034", "GHSA-qwvp-g9j7-28f6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhmm-9bdt-fyb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118076?format=api", "vulnerability_id": "VCID-jvvz-9twe-8fb1", "summary": "Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38415", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38403", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38392", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38218", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48958" }, { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48958", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48958" }, { "reference_url": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e", "reference_id": "86947633-3e7c-4e10-86cc-92e577761e8e", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/" } ], "url": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a", "reference_id": "fde43f80600f1035e1e3d2297411b666d805549a", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/" } ], "url": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a" }, { "reference_url": "https://github.com/advisories/GHSA-26xq-m8xw-6373", "reference_id": "GHSA-26xq-m8xw-6373", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-26xq-m8xw-6373" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373", "reference_id": "GHSA-26xq-m8xw-6373", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378109?format=api", "purl": "pkg:composer/froxlor/froxlor@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.6" } ], "aliases": [ "CVE-2025-48958", "GHSA-26xq-m8xw-6373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvz-9twe-8fb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80672?format=api", "vulnerability_id": "VCID-nbu9-sey3-w7es", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to `validateLocalDomainOwnership()`. This causes the ownership check to always pass for non-existent \"domains,\" allowing any authenticated customer to add sender aliases for email addresses on domains belonging to other customers. Postfix's `sender_login_maps` then authorizes the attacker to send emails as those addresses. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12259", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12181", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1228", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12274", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41232" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41232", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41232" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a", "reference_id": "77d04badf549d5f8429828f0fbc69bc37a35e07a", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/77d04badf549d5f8429828f0fbc69bc37a35e07a" }, { "reference_url": "https://github.com/advisories/GHSA-vmjj-qr7v-pxm6", "reference_id": "GHSA-vmjj-qr7v-pxm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmjj-qr7v-pxm6" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6", "reference_id": "GHSA-vmjj-qr7v-pxm6", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:49:29Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-vmjj-qr7v-pxm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41232", "GHSA-vmjj-qr7v-pxm6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nbu9-sey3-w7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70796?format=api", "vulnerability_id": "VCID-rw5a-bgxw-bfbd", "summary": "Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the panel.adminmail setting. This value is later concatenated into a shell command executed as root by a cron job, where the pipe character | is explicitly whitelisted. The result is full root-level Remote Code Execution. This vulnerability is fixed in 2.3.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76198", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76204", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76191", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.009", "scoring_system": "epss", "scoring_elements": "0.76119", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26279" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343", "reference_id": "22249677107f8f39f8d4a238605641e87dab4343", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.4", "reference_id": "2.3.4", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26279", "reference_id": "CVE-2026-26279", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26279" }, { "reference_url": "https://github.com/advisories/GHSA-33mp-8p67-xj7c", "reference_id": "GHSA-33mp-8p67-xj7c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33mp-8p67-xj7c" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c", "reference_id": "GHSA-33mp-8p67-xj7c", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T16:12:37Z/" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40093?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.4" } ], "aliases": [ "CVE-2026-26279", "GHSA-33mp-8p67-xj7c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rw5a-bgxw-bfbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133459?format=api", "vulnerability_id": "VCID-tk6b-p759-jyfv", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18716", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18721", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18739", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18558", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5564" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5564", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5564" }, { "reference_url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c", "reference_id": "9254d8f3-a847-4ae8-8477-d2ce027cff5c", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/" } ], "url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa", "reference_id": "e8ed43056c1665522a586e3485da67f2bdf073aa", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:07:19Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa" }, { "reference_url": "https://github.com/advisories/GHSA-j5hq-6frc-64v3", "reference_id": "GHSA-j5hq-6frc-64v3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5hq-6frc-64v3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379319?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0-dev1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-dev1" } ], "aliases": [ "CVE-2023-5564", "GHSA-j5hq-6frc-64v3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk6b-p759-jyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80953?format=api", "vulnerability_id": "VCID-tvgb-xmfz-tuf6", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have the `customers_see_all` permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota (since the wrong admin's `domains_used` counter is incremented) and potentially exhausting another admin's quota. Version 2.3.6 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17011", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17153", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17167", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17179", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41233" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41233", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41233" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5", "reference_id": "bf47ba15329506e9f9662f9462463932aa80dff5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/bf47ba15329506e9f9662f9462463932aa80dff5" }, { "reference_url": "https://github.com/advisories/GHSA-jvx4-xv3m-hrj4", "reference_id": "GHSA-jvx4-xv3m-hrj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx4-xv3m-hrj4" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4", "reference_id": "GHSA-jvx4-xv3m-hrj4", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:26:17Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-jvx4-xv3m-hrj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41233", "GHSA-jvx4-xv3m-hrj4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvgb-xmfz-tuf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212215?format=api", "vulnerability_id": "VCID-u4pt-mr2z-j3f2", "summary": "Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>", "references": [ { "reference_url": "https://github.com/froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor" }, { "reference_url": "https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075" }, { "reference_url": "https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor/commit/5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910" }, { "reference_url": "https://github.com/advisories/GHSA-34qg-65m4-f23m", "reference_id": "GHSA-34qg-65m4-f23m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34qg-65m4-f23m" }, { "reference_url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m", "reference_id": "GHSA-34qg-65m4-f23m", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-34qg-65m4-f23m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33112?format=api", "purl": "pkg:composer/froxlor/froxlor@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.2.0" } ], "aliases": [ "GHSA-34qg-65m4-f23m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4pt-mr2z-j3f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151443?format=api", "vulnerability_id": "VCID-vbvy-j84s-zygu", "summary": "Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53797", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53813", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53671", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3172" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3172", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3172" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e", "reference_id": "da810ea95393dfaec68a70e30b7c887c50563a7e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e" }, { "reference_url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e", "reference_id": "e50966cd-9222-46b9-aedc-1feb3f2a0b0e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:12:19Z/" } ], "url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e" }, { "reference_url": "https://github.com/advisories/GHSA-ghqq-jfx7-f6m9", "reference_id": "GHSA-ghqq-jfx7-f6m9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ghqq-jfx7-f6m9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381608?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.20" } ], "aliases": [ "CVE-2023-3172", "GHSA-ghqq-jfx7-f6m9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbvy-j84s-zygu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80698?format=api", "vulnerability_id": "VCID-w7xv-k4rd-v7bq", "summary": "Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24972", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25172", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30399", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30411", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41231" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41231", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41231" }, { "reference_url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6", "reference_id": "2.3.6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/" } ], "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d", "reference_id": "2987b0e8806ef12b532410050ad76d13d673a87d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d" }, { "reference_url": "https://github.com/advisories/GHSA-75h4-c557-j89r", "reference_id": "GHSA-75h4-c557-j89r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75h4-c557-j89r" }, { "reference_url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r", "reference_id": "GHSA-75h4-c557-j89r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-23T14:48:21Z/" } ], "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41711?format=api", "purl": "pkg:composer/froxlor/froxlor@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46tt-1n8z-xuct" }, { "vulnerability": "VCID-kjsn-vrac-67f9" }, { "vulnerability": "VCID-uyv2-5ka7-pufp" }, { "vulnerability": "VCID-vvvf-273x-s3g8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.3.6" } ], "aliases": [ "CVE-2026-41231", "GHSA-75h4-c557-j89r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7xv-k4rd-v7bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146649?format=api", "vulnerability_id": "VCID-x93s-u6kq-fbbe", "summary": "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18894", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18888", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18731", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18912", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50256" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "reference_id": "289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/" } ], "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4" }, { "reference_url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "reference_id": "4b1846883d4828962add91bd844596d89a9c7cac", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/" } ], "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50256", "reference_id": "CVE-2023-50256", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50256" }, { "reference_url": "https://github.com/advisories/GHSA-625g-fm5w-w7w4", "reference_id": "GHSA-625g-fm5w-w7w4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-625g-fm5w-w7w4" }, { "reference_url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "reference_id": "GHSA-625g-fm5w-w7w4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-09T15:34:46Z/" } ], "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28269?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.2" } ], "aliases": [ "CVE-2023-50256", "GHSA-625g-fm5w-w7w4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x93s-u6kq-fbbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144856?format=api", "vulnerability_id": "VCID-xpgs-hpf3-3qff", "summary": "Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65307", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65416", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65407", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65418", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1307" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1307", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1307" }, { "reference_url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1", "reference_id": "5fe85af4-a667-41a9-a00d-f99e07c5e2f1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/" } ], "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23", "reference_id": "6777fbf229200f4fd566022e186548391219ab23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-28T17:05:24Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23" }, { "reference_url": "https://github.com/advisories/GHSA-j83x-r9qq-9g4v", "reference_id": "GHSA-j83x-r9qq-9g4v", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j83x-r9qq-9g4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380998?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-44fu-9q5x-uuf8" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-f15s-unrj-57ax" }, { "vulnerability": "VCID-gfgb-su1s-ubaj" }, { "vulnerability": "VCID-hhmm-9bdt-fyb5" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-vbvy-j84s-zygu" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" }, { "vulnerability": "VCID-zrvp-d87z-p7dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.13" } ], "aliases": [ "CVE-2023-1307", "GHSA-j83x-r9qq-9g4v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpgs-hpf3-3qff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140366?format=api", "vulnerability_id": "VCID-y4zg-wf1d-4bcm", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21984", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21972", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21996", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21795", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4829" }, { "reference_url": "https://github.com/Froxlor/Froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Froxlor/Froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4829", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4829" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d", "reference_id": "4711a414360782fe4fc94f7c25027077cbcdf73d", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d" }, { "reference_url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b", "reference_id": "babd73ca-6c80-4145-8c7d-33a883fe606b", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T17:04:26Z/" } ], "url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b" }, { "reference_url": "https://github.com/advisories/GHSA-cvwv-h85m-w37h", "reference_id": "GHSA-cvwv-h85m-w37h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvwv-h85m-w37h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379183?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.22" } ], "aliases": [ "CVE-2023-4829", "GHSA-cvwv-h85m-w37h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4zg-wf1d-4bcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/358320?format=api", "vulnerability_id": "VCID-yqdf-v5wf-j3bj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56855", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56975", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5699", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56981", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6069" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc" }, { "reference_url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6069", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6069" }, { "reference_url": "https://github.com/advisories/GHSA-4jch-8qq5-hqg6", "reference_id": "GHSA-4jch-8qq5-hqg6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jch-8qq5-hqg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381051?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/381932?format=api", "purl": "pkg:composer/froxlor/froxlor@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.1.0" } ], "aliases": [ "CVE-2023-6069", "GHSA-4jch-8qq5-hqg6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdf-v5wf-j3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151505?format=api", "vulnerability_id": "VCID-zrvp-d87z-p7dy", "summary": "Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28011", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28225", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28211", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28234", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3668" }, { "reference_url": "https://github.com/froxlor/froxlor", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/froxlor/froxlor" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3668" }, { "reference_url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965", "reference_id": "03b5a921ff308eeab21bf9d240f27783c8591965", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/" } ], "url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965" }, { "reference_url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e", "reference_id": "df8cccf4-a340-440e-a7e0-1b42e757d66e", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-28T20:31:42Z/" } ], "url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e" }, { "reference_url": "https://github.com/advisories/GHSA-c6v5-pf66-xfq8", "reference_id": "GHSA-c6v5-pf66-xfq8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6v5-pf66-xfq8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381578?format=api", "purl": "pkg:composer/froxlor/froxlor@2.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rwn-9phn-kkb4" }, { "vulnerability": "VCID-38ph-pcue-zydu" }, { "vulnerability": "VCID-7e6h-qe19-jken" }, { "vulnerability": "VCID-9t9n-1hhp-3yga" }, { "vulnerability": "VCID-atns-wuzm-kqh2" }, { "vulnerability": "VCID-dptm-3z1r-bubj" }, { "vulnerability": "VCID-ebbm-gvf6-xfbd" }, { "vulnerability": "VCID-jvvz-9twe-8fb1" }, { "vulnerability": "VCID-nbu9-sey3-w7es" }, { "vulnerability": "VCID-rw5a-bgxw-bfbd" }, { "vulnerability": "VCID-tk6b-p759-jyfv" }, { "vulnerability": "VCID-tvgb-xmfz-tuf6" }, { "vulnerability": "VCID-u4pt-mr2z-j3f2" }, { "vulnerability": "VCID-w7xv-k4rd-v7bq" }, { "vulnerability": "VCID-x93s-u6kq-fbbe" }, { "vulnerability": "VCID-y4zg-wf1d-4bcm" }, { "vulnerability": "VCID-yqdf-v5wf-j3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.21" } ], "aliases": [ "CVE-2023-3668", "GHSA-c6v5-pf66-xfq8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrvp-d87z-p7dy" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/froxlor/froxlor@2.0.12" }