661 matches found
MAL-2024-137 Malicious code in froxlor (npm)
Source: ossf-package-analysis 445e6f97a516e090b04dc5969fbc1472e2c740461dec0b7769bbe76e5d3b6326 The OpenSSF Package Analysis project identified 'froxlor' @ 19.0.4 npm as malicious. It is considered malicious because: - The package...
Improper Input Validation
froxlor/froxlor is vulnerable to Improper Input Validation. The vulnerability is due to validation.js, which does not effectively handle whitespace inputs in form fields, allowing users to escape the mandatory field checks...
Froxlor username/surname AND company field Bypass
Dear Sirs and Madams, I would like to report a business logic error vulnerability that I discovered during my recent penetration test on Froxlor. Specifically, I identified an issue where it was possible to submit the registration form with the essential fields, such as the username and password,...
GHSA-625G-FM5W-W7W4 Froxlor username/surname AND company field Bypass
Dear Sirs and Madams, I would like to report a business logic error vulnerability that I discovered during my recent penetration test on Froxlor. Specifically, I identified an issue where it was possible to submit the registration form with the essential fields, such as the username and password,...
CVE-2023-50256
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...
Design/Logic Flaw
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...
CVE-2023-50256 Froxlor username/surname AND company field Bypass
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...
CVE-2023-50256 Froxlor username/surname AND company field Bypass
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...
CVE-2023-50256
CVE-2023-50256 affects Froxlor open-source server administration software. Prior to version 2.1.2, the registration form allowed essential fields (e.g., username, password) to be submitted blank, bypassing mandatory field requirements such as surname and company name. This vulnerability could ena...
CVE-2023-50256 Froxlor username/surname AND company field Bypass
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...
Froxlor Input Validation Error Vulnerability
Froxlor is a suite of lightweight server management software from the Froxlor team. An input validation error vulnerability exists in versions of Froxlor prior to 2.1.2 that allows an attacker to bypass system restrictions by leaving basic fields of the...
Privilege Escalation
froxlor/froxlor is vulnerable to Privilege Escalation. The vulnerability is caused by improper handling of symbolic links. An attacker could write arbitrary data to the home directory and escalate privileges...
SUSE CVE-2023-6069
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
GHSA-4JCH-8QQ5-HQG6 Froxlor Improper Input Validation vulnerability
Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0-beta1...
CVE-2023-6069
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
CVE-2023-6069
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
CVE-2023-6069 Improper Link Resolution Before File Access in froxlor/froxlor
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
CVE-2023-6069
Froxlor (froxlor/froxlor) is affected by CVE-2023-6069 due to an Improper Link Resolution Before File Access in versions prior to 2.1.0. The underlying issue is in how links are resolved before file access, enabling high-impact outcomes per NVD and CNA metrics. Reported CVSS v3.1 base scores indi...
Froxlor Backlink Vulnerability
Froxlor is a lightweight server management software from the Froxlor team. A backlink vulnerability exists in Froxlor versions prior to 2.1.0 that stems from the presence of an improper input validation vulnerability...
PT-2023-32495 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.1.0 Description: The issue is related to improper input validation in the GitHub repository froxlor/froxlor. This can lead to potential security risks. Recommendations: For versions prior to 2.1.0, update to versio...