CVE-2020-29653
CVE-2020-29653 affects Froxlor up to version 0.10.22. The issue arises from lack of validation for the customermail GET parameter, whose value is reflected on the login page, allowing injection of arbitrary HTML tags (HTML injection / cross-site scripting). The available connected documents confi...