Vulnerabilities in froxlor
43 results

CVE-2026-41228 | CRITICAL | Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution | EPSS 0.5%
CVE-2026-41229 | CRITICAL | Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) | EPSS 0.5%
CVE-2022-4864 | MEDIUM | Argument Injection in froxlor/froxlor | EPSS 0.5%
CVE-2023-4304 | LOW | Business Logic Errors in froxlor/froxlor | EPSS 0.5%
CVE-2023-0564 | MEDIUM | Weak Password Requirements in froxlor/froxlor | EPSS 0.5%
CVE-2023-0566 | MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor | EPSS 0.4%
CVE-2023-3192 | MEDIUM | Session Fixation in froxlor/froxlor | EPSS 0.4%
CVE-2026-41231 | HIGH | Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron | EPSS 0.4%
CVE-2023-4829 | MEDIUM | Cross-site Scripting (XSS) - Stored in froxlor/froxlor | EPSS 0.4%
CVE-2023-5564 | MEDIUM | Cross-site Scripting (XSS) - Stored in froxlor/froxlor | EPSS 0.4%
CVE-2026-41236 | HIGH | Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path | EPSS 0.4%
CVE-2022-3017 | MEDIUM | Cross-Site Request Forgery (CSRF) in froxlor/froxlor | EPSS 0.4%
CVE-2026-41230 | HIGH | Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() | EPSS 0.3%
CVE-2022-4867 | LOW | Cross-Site Request Forgery (CSRF) in froxlor/froxlor | EPSS 0.3%
CVE-2023-1033 | MEDIUM | Cross-Site Request Forgery (CSRF) in froxlor/froxlor | EPSS 0.3%
CVE-2020-36978 | MEDIUM | Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting | EPSS 0.3%
CVE-2025-48958 | MEDIUM | Froxlor has an HTML Injection Vulnerability | EPSS 0.3%
CVE-2025-29773 | MEDIUM | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover | EPSS 0.3%
CVE-2026-41234 | HIGH | Froxlor: BIND Zone File Injection via TXT Record Content | EPSS 0.3%
CVE-2026-41237 | HIGH | Froxlor has an incomplete fix for CVE-2026-30932 | EPSS 0.3%