661 matches found
CVE-2026-26279
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...
CVE-2026-26279
CVE-2026-26279 affects Froxlor before 2.3.4. A typo in input validation (using == instead of =) prevents email fields from being validated, allowing an authenticated admin to store arbitrary strings in panel_adminmail. That value is later interpolated into a shell command executed as root by a cr...
EUVD-2026-9340
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...
CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...
GHSA-33MP-8P67-XJ7C Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
Summary: A typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings — including shell metacharacters — in the panel.adminmail setting. This value i...
Comparing instead of Assigning
Overview: froxlor/froxlor is server administration software. Affected versions of this package are vulnerable to Comparing instead of Assigning via improper input validation in the validateFormFieldEmail function. An attacker can achieve root-level command execution by injecting shell...
Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
Summary: A typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings — including shell metacharacters — in the panel.adminmail setting. This value i...
Froxlor security vulnerability
Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.4 contained security vulnerabilities. These vulnerabilities stemmed from spelling errors in the input validation code, which completely disabled email format checks. This...
PT-2026-22840
Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.3.4. Description: Froxlor is open source server administration software. A flaw in the input validation code, specifically a typo where '==' was used instead of '=', disables email format checking for settings fields...
Cross-site Scripting (XSS)
Overview: froxlor/froxlor is server administration software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the customer registration input fields. An attacker can execute arbitrary scripts in the context of an administrator's browser by injecting malicious...
CVE-2020-36978
Froxlor Server Management Panel 0.10.16 is affected by a persistent Cross-Site Scripting (XSS) vulnerability in the customer registration input fields. An attacker can inject malicious scripts via the username, name, or firstname parameters, which are then executed in the administrator’s browser ...
CVE-2020-36978
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules...
EUVD-2020-30871
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules...
CVE-2020-36978 Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules...
Froxlor cross-site scripting vulnerabilities
Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 0.10.16 of Froxlor contains a cross-site scripting vulnerability, which stems from improper cleaning of customer registration input fields. This vulnerability may lead to storage-based cross-site...
CVE-2023-4304
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22, 2.1.0...
CVE-2018-12642
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user...
CVE-2020-10237
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time,...