Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-nf6w-t7ew-ryde
Vulnerability ID VCID-nf6w-t7ew-ryde
Aliases CVE-2023-1033
GHSA-p7qq-rrvw-x55x
Summary Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2023-1033
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2023-1033
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-p7qq-rrvw-x55x
cvssv3.1 8.8 https://github.com/froxlor/froxlor
generic_textual HIGH https://github.com/froxlor/froxlor
cvssv3 6.8 https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
cvssv3.1 8.8 https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
generic_textual HIGH https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
ssvc Track https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
cvssv3 6.8 https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
cvssv3.1 8.8 https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
generic_textual HIGH https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
ssvc Track https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-1033
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-1033
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-1033
https://github.com/froxlor/froxlor
https://nvd.nist.gov/vuln/detail/CVE-2023-1033
4003a8d2b60728a77476d1d4f5aa5c635f128950 https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
ba3cd929-8b60-4d8d-b77d-f28409ecf387 https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
GHSA-p7qq-rrvw-x55x https://github.com/advisories/GHSA-p7qq-rrvw-x55x
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/froxlor/froxlor
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H Found at https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:36:54Z/ Found at https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H Found at https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:36:54Z/ Found at https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1033
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.42976
EPSS Score 0.00206
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:27:03.859324+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/1xxx/CVE-2023-1033.json 38.6.0