Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-p627-qr92-mkdp
Vulnerability ID VCID-p627-qr92-mkdp
Aliases CVE-2022-3017
GHSA-9xgp-3mxp-rv7x
Summary Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-3017
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2022-3017
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9xgp-3mxp-rv7x
cvssv3.1 6.5 https://github.com/Froxlor/Froxlor
generic_textual MODERATE https://github.com/Froxlor/Froxlor
cvssv3.1 6.5 https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a
generic_textual MODERATE https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a
cvssv3.1 6.5 https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0
generic_textual MODERATE https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3017
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-3017
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-3017
https://github.com/Froxlor/Froxlor
https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a
https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0
CVE-2022-3017 https://nvd.nist.gov/vuln/detail/CVE-2022-3017
GHSA-9xgp-3mxp-rv7x https://github.com/advisories/GHSA-9xgp-3mxp-rv7x
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/Froxlor/Froxlor
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/froxlor/froxlor/commit/bbe82286aae21328668f24857995a67598fe978a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://huntr.dev/bounties/5250c4b1-132b-4da6-9bd6-db36cb56bea0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3017
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.29031
EPSS Score 0.0011
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:32:06.271825+00:00 GHSA Importer Import https://github.com/advisories/GHSA-9xgp-3mxp-rv7x 38.6.0