CVE-2026-41231
Froxlor prior to 2.3.6 has an incomplete symlink validation in DataDump.add() that uses user-supplied input to build the export path without passing fixed_homedir to FileDir::makeCorrectDir(), bypassing the symlink checks added elsewhere. When ExportCron runs as root, it performs chown -R on the ...
Incorrect Authorization
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Incorrect Authorization in the Domains.add process. An attacker can bypass domain quota restrictions and exhaust another admin's quota by specifying an arbitrary adminid parameter whe...
CVE-2023-4304
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22, 2.1.0...
CVE-2023-50256
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...
EUVD-2022-2781
Malicious code in bioql PyPI...
EUVD-2024-0264
Malicious code in bioql PyPI...
EUVD-2024-1850
Malicious code in bioql PyPI...
CVE-2025-48958
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
CVE-2025-48958
CVE-2025-48958 affects Froxlor before version 2.2.6, where an HTML Injection vulnerability in the Customer Account Portal (email section) allows injected HTML via user input in the domain field. Adversaries can cause phishing-style redirects to external sites, enabling credential theft and reputa...
CVE-2025-29773
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users such as resellers or customers to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This...
Froxlor Backlink Vulnerability
Froxlor is lightweight server management software from the Froxlor team. A backlink vulnerability exists in Froxlor versions prior to 2.1.0 that stems from an improper input validation vulnerability...
PT-2023-30762 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor/froxlor versions prior to 2.0.22 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.22, update to version 2.0.22 or...
Froxlor Command Execution Vulnerability
Froxlor is a set of lightweight server management software from the Froxlor team. A command execution vulnerability exists in Froxlor versions prior to 2.0.21 that stems from an output encoding or escaping error. An attacker can exploit the vulnerability to cause command execution...
PT-2023-25676 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.21 Description: The issue is related to improper encoding or escaping of output in the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.21, update to version 2.0.21 or later to resolv...
CVE-2023-0316 Path Traversal: '\..\filename' in froxlor/froxlor
Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0...
PT-2022-20019 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 0.10.38 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository froxlor/froxlor. CSRF is an attack that tricks a user into performing unintended actions on a web application that...