2 matches found
Froxlor: BIND Zone File Injection via TXT Record Content
Summary The DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitra...
EUVD-2026-14964
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API...