froxlor

47 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-41233
< 2.3.6
Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add(), the adminid parameter is acce
5.4 MEDIUM
CVE-2026-41232
< 2.3.6
Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add(), the domain ownership valid
5.0 MEDIUM
CVE-2026-41231
< 2.3.6
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add() constructs the export destination
7.5 HIGH
CVE-2026-41230
< 2.3.6
Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add() accepts arbitrary DNS record t
8.5 HIGH
CVE-2026-41229
< 2.3.6
Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString() writes string val
9.1 CRITICAL
CVE-2026-41228
< 2.3.6
Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint Customers.update (and `A
9.9 CRITICAL
CVE-2026-30932
< 2.3.5
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to cus
8.8 HIGH
CVE-2026-26279
< 2.3.4
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =)
9.1 CRITICAL
CVE-2025-48958
< 2.2.6
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer acc
5.5 MEDIUM
CVE-2025-29773
all versions
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers
5.8 MEDIUM
CVE-2023-50256
< 2.1.2
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form wit
7.5 HIGH
CVE-2023-6069
< 2.1.0
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
9.9 CRITICAL
CVE-2023-4829
< 2.0.22
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
5.4 MEDIUM
CVE-2023-5564
< 2.1.0
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.
4.8 MEDIUM
CVE-2023-4304
< 2.0.22
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
3.8 LOW
CVE-2023-3668
< 2.0.21
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
7.2 HIGH
CVE-2023-3192
< 2.1.0
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
5.4 MEDIUM
CVE-2023-3173
< 2.0.20
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
9.8 CRITICAL
CVE-2023-3172
< 2.0.20
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
7.2 HIGH
CVE-2023-2666
< 2.0.16
Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.
7.5 HIGH
CVE-2023-2034
< 2.0.14
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
8.8 HIGH
CVE-2023-1307
< 2.0.13
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
9.8 CRITICAL
CVE-2023-1033
< 2.0.11
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
8.8 HIGH
CVE-2023-0877
< 2.0.11
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
8.8 HIGH
CVE-2023-0671
< 2.0.10
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
8.8 HIGH
CVE-2023-0572
< 2.0.10
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
5.3 MEDIUM
CVE-2023-0566
< 2.0.10
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
6.2 MEDIUM
CVE-2023-0565
< 2.0.10
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
5.5 MEDIUM
CVE-2023-0564
< 2.0.10
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
5.4 MEDIUM
CVE-2023-0316
< 2.0.0
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
5.5 MEDIUM
CVE-2023-0315
< 2.0.8
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
8.8 HIGH
CVE-2022-4868
<= 0.10.38.3
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
4.3 MEDIUM
CVE-2022-4867
<= 0.10.38.3
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
4.3 MEDIUM
CVE-2022-4864
<= 0.10.38.3
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
5.4 MEDIUM
CVE-2022-3869
< 0.10.38.2
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
6.1 MEDIUM
CVE-2022-3721
< 0.10.39
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
4.6 MEDIUM
CVE-2022-3017
< 0.10.38
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
6.5 MEDIUM
CVE-2020-29653
<= 0.10.22
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this para
6.1 MEDIUM
CVE-2020-28957
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Froxlor v0.10.16 allow attackers to execute arbi
5.4 MEDIUM
CVE-2021-42325
< 0.10.30
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
9.8 CRITICAL
CVE-2020-10237
<= 0.10.15
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in
5.5 MEDIUM
CVE-2020-10236
< 0.10.14
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installat
6.1 MEDIUM
CVE-2020-10235
< 0.10.14
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed ar
8.8 HIGH
CVE-2018-1000527
<= 0.9.39.5
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible informat
7.2 HIGH
CVE-2018-12642
<= 0.9.39.5
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.
7.5 HIGH
CVE-2015-5959
<= 0.9.33.1
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by readi
9.8 CRITICAL
CVE-2016-5100
<= 0.9.34.2
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin