Search

Find a vulnerability

Search criteria

    52 vulnerabilities found for froxlor/froxlor by froxlor

    CVE-2023-6069 (GCVE-0-2023-6069)

    Vulnerability from nvd – Published: 2023-11-10 00:00 – Updated: 2024-08-02 08:21
    VLAI
    Title
    Improper Link Resolution Before File Access in froxlor/froxlor
    Summary
    Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.449Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\u003c/p\u003e"
                }
              ],
              "value": "Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-16T21:10:57.491Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"
            }
          ],
          "source": {
            "advisory": "aac0627e-e59d-476e-9385-edb7ff53758c",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Link Resolution Before File Access in froxlor/froxlor",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2023-6069",
        "datePublished": "2023-11-10T00:00:32.765Z",
        "dateReserved": "2023-11-10T00:00:12.624Z",
        "dateUpdated": "2024-08-02T08:21:17.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4829 (GCVE-0-2023-4829)

    Vulnerability from nvd – Published: 2023-10-13 12:24 – Updated: 2024-09-17 17:05
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in froxlor/froxlor
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.22 (custom)
    Create a notification for this product.
    froxlor froxlor Affected: 0 , < 2.0.22 (custom)
        cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "froxlor",
                "vendor": "froxlor",
                "versions": [
                  {
                    "lessThan": "2.0.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4829",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T17:04:26.707923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T17:05:37.681Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-13T12:24:05.277Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d"
            }
          ],
          "source": {
            "advisory": "babd73ca-6c80-4145-8c7d-33a883fe606b",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4829",
        "datePublished": "2023-10-13T12:24:05.277Z",
        "dateReserved": "2023-09-08T00:00:07.307Z",
        "dateUpdated": "2024-09-17T17:05:37.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5564 (GCVE-0-2023-5564)

    Vulnerability from nvd – Published: 2023-10-13 00:00 – Updated: 2024-09-17 17:08
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in froxlor/froxlor
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.1.0-dev1 (custom)
    Create a notification for this product.
    froxlor froxlor Affected: 0 , < 2.1.0-dev1 (custom)
        cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "froxlor",
                "vendor": "froxlor",
                "versions": [
                  {
                    "lessThan": "2.1.0-dev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5564",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T17:07:19.123189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T17:08:03.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.1.0-dev1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-13T00:00:19.626Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa"
            }
          ],
          "source": {
            "advisory": "9254d8f3-a847-4ae8-8477-d2ce027cff5c",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5564",
        "datePublished": "2023-10-13T00:00:19.626Z",
        "dateReserved": "2023-10-13T00:00:06.686Z",
        "dateUpdated": "2024-09-17T17:08:03.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4304 (GCVE-0-2023-4304)

    Vulnerability from nvd – Published: 2023-08-11 00:00 – Updated: 2024-10-04 13:06
    VLAI
    Title
    Business Logic Errors in froxlor/froxlor
    Summary
    Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.22,2.1.0 (custom)
    Create a notification for this product.
    Credits
    Ahmed Hassan (ahmedvienna) Josef Hassan (josefjku)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4304",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T13:04:29.535523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T13:06:39.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.22,2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ahmed Hassan (ahmedvienna)"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Josef Hassan (josefjku)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBusiness Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\u003c/p\u003e"
                }
              ],
              "value": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T10:13:29.779Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
            }
          ],
          "source": {
            "advisory": "59fe5037-b253-4b0f-be69-1d2e4af8b4a9",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in froxlor/froxlor",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4304",
        "datePublished": "2023-08-11T00:00:20.247Z",
        "dateReserved": "2023-08-11T00:00:07.158Z",
        "dateUpdated": "2024-10-04T13:06:39.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3668 (GCVE-0-2023-3668)

    Vulnerability from nvd – Published: 2023-07-14 00:00 – Updated: 2024-10-28 20:36
    VLAI
    Title
    Improper Encoding or Escaping of Output in froxlor/froxlor
    Summary
    Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.21 (custom)
    Create a notification for this product.
    froxlor froxlor Affected: 0 , < 2.0.21 (custom)
        cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:57.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "froxlor",
                "vendor": "froxlor",
                "versions": [
                  {
                    "lessThan": "2.0.21",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3668",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T20:31:42.683584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T20:36:00.527Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-14T00:00:19.815Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965"
            }
          ],
          "source": {
            "advisory": "df8cccf4-a340-440e-a7e0-1b42e757d66e",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Encoding or Escaping of Output in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3668",
        "datePublished": "2023-07-14T00:00:19.815Z",
        "dateReserved": "2023-07-14T00:00:06.988Z",
        "dateUpdated": "2024-10-28T20:36:00.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3192 (GCVE-0-2023-3192)

    Vulnerability from nvd – Published: 2023-06-11 00:00 – Updated: 2025-01-06 17:04
    VLAI
    Title
    Session Fixation in froxlor/froxlor
    Summary
    Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T17:04:10.411183Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:04:25.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-11T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"
            }
          ],
          "source": {
            "advisory": "f3644772-9c86-4f55-a0fa-aeb11f411551",
            "discovery": "EXTERNAL"
          },
          "title": "Session Fixation in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3192",
        "datePublished": "2023-06-11T00:00:00.000Z",
        "dateReserved": "2023-06-11T00:00:00.000Z",
        "dateUpdated": "2025-01-06T17:04:25.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3173 (GCVE-0-2023-3173)

    Vulnerability from nvd – Published: 2023-06-09 00:00 – Updated: 2025-01-06 17:11
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor
    Summary
    Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3173",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T17:11:52.944889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:11:57.332Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-09T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6"
            }
          ],
          "source": {
            "advisory": "4d715f76-950d-4251-8139-3dffea798f14",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3173",
        "datePublished": "2023-06-09T00:00:00.000Z",
        "dateReserved": "2023-06-09T00:00:00.000Z",
        "dateUpdated": "2025-01-06T17:11:57.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3172 (GCVE-0-2023-3172)

    Vulnerability from nvd – Published: 2023-06-09 00:00 – Updated: 2025-01-06 17:12
    VLAI
    Title
    Path Traversal in froxlor/froxlor
    Summary
    Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3172",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T17:12:19.422769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:12:23.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-09T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e"
            }
          ],
          "source": {
            "advisory": "e50966cd-9222-46b9-aedc-1feb3f2a0b0e",
            "discovery": "EXTERNAL"
          },
          "title": "Path Traversal in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3172",
        "datePublished": "2023-06-09T00:00:00.000Z",
        "dateReserved": "2023-06-09T00:00:00.000Z",
        "dateUpdated": "2025-01-06T17:12:23.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2666 (GCVE-0-2023-2666)

    Vulnerability from nvd – Published: 2023-05-12 00:00 – Updated: 2025-01-24 15:59
    VLAI
    Title
    Allocation of Resources Without Limits or Throttling in froxlor/froxlor
    Summary
    Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:26:09.761Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2666",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T15:58:44.251136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T15:59:16.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-12T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6"
            }
          ],
          "source": {
            "advisory": "0bbdc9d4-d9dc-4490-93ef-0a83b451a20f",
            "discovery": "EXTERNAL"
          },
          "title": "Allocation of Resources Without Limits or Throttling in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2666",
        "datePublished": "2023-05-12T00:00:00.000Z",
        "dateReserved": "2023-05-12T00:00:00.000Z",
        "dateUpdated": "2025-01-24T15:59:16.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2034 (GCVE-0-2023-2034)

    Vulnerability from nvd – Published: 2023-04-14 00:00 – Updated: 2025-02-06 21:01
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in froxlor/froxlor
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:19.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2034",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T21:01:22.694728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T21:01:27.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6"
            }
          ],
          "source": {
            "advisory": "aba6beaa-570e-4523-8128-da4d8e374ef6",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2034",
        "datePublished": "2023-04-14T00:00:00.000Z",
        "dateReserved": "2023-04-14T00:00:00.000Z",
        "dateUpdated": "2025-02-06T21:01:27.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1307 (GCVE-0-2023-1307)

    Vulnerability from nvd – Published: 2023-03-10 00:00 – Updated: 2025-02-28 17:06
    VLAI
    Title
    Authentication Bypass by Primary Weakness in froxlor/froxlor
    Summary
    Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:40:59.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1307",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T17:05:24.223544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T17:06:06.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-10T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23"
            }
          ],
          "source": {
            "advisory": "5fe85af4-a667-41a9-a00d-f99e07c5e2f1",
            "discovery": "EXTERNAL"
          },
          "title": "Authentication Bypass by Primary Weakness in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-1307",
        "datePublished": "2023-03-10T00:00:00.000Z",
        "dateReserved": "2023-03-10T00:00:00.000Z",
        "dateUpdated": "2025-02-28T17:06:06.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1033 (GCVE-0-2023-1033)

    Vulnerability from nvd – Published: 2023-02-25 00:00 – Updated: 2025-03-11 15:37
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in froxlor/froxlor
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1033",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T15:36:54.677450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T15:37:34.913Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-25T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950"
            }
          ],
          "source": {
            "advisory": "ba3cd929-8b60-4d8d-b77d-f28409ecf387",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-1033",
        "datePublished": "2023-02-25T00:00:00.000Z",
        "dateReserved": "2023-02-25T00:00:00.000Z",
        "dateUpdated": "2025-03-11T15:37:34.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0877 (GCVE-0-2023-0877)

    Vulnerability from nvd – Published: 2023-02-17 00:00 – Updated: 2025-03-18 16:01
    VLAI
    Title
    Code Injection in froxlor/froxlor
    Summary
    Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0877",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T16:01:03.719123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T16:01:15.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-17T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984"
            }
          ],
          "source": {
            "advisory": "b29cf038-06f1-4fb0-9437-08f2991f92a8",
            "discovery": "EXTERNAL"
          },
          "title": " Code Injection in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0877",
        "datePublished": "2023-02-17T00:00:00.000Z",
        "dateReserved": "2023-02-17T00:00:00.000Z",
        "dateUpdated": "2025-03-18T16:01:15.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0671 (GCVE-0-2023-0671)

    Vulnerability from nvd – Published: 2023-02-04 00:00 – Updated: 2025-03-25 20:12
    VLAI
    Title
    Code Injection in froxlor/froxlor
    Summary
    Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0671",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:12:38.586606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:12:58.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-04T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc"
            }
          ],
          "source": {
            "advisory": "c2a84917-7ac0-4169-81c1-b61e617023de",
            "discovery": "EXTERNAL"
          },
          "title": " Code Injection in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0671",
        "datePublished": "2023-02-04T00:00:00.000Z",
        "dateReserved": "2023-02-04T00:00:00.000Z",
        "dateUpdated": "2025-03-25T20:12:58.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0572 (GCVE-0-2023-0572)

    Vulnerability from nvd – Published: 2023-01-29 00:00 – Updated: 2025-03-28 15:42
    VLAI
    Title
    Unchecked Error Condition in froxlor/froxlor
    Summary
    Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-391 - Unchecked Error Condition
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.10 (custom)
    Create a notification for this product.
    Credits
    Ahmed Hassan (ahmedvienna) Josef Hassan (josefjku)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:49.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0572",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-28T15:42:38.029869Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T15:42:50.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ahmed Hassan (ahmedvienna)"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Josef Hassan (josefjku)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.\u003c/p\u003e"
                }
              ],
              "value": "Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-391",
                  "description": "CWE-391 Unchecked Error Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T10:10:34.390Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4ab24ee2-3ff6-4248-9555-0af3e5f754ec"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1"
            }
          ],
          "source": {
            "advisory": "4ab24ee2-3ff6-4248-9555-0af3e5f754ec",
            "discovery": "EXTERNAL"
          },
          "title": "Unchecked Error Condition in froxlor/froxlor",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0572",
        "datePublished": "2023-01-29T00:00:00.000Z",
        "dateReserved": "2023-01-29T00:00:00.000Z",
        "dateUpdated": "2025-03-28T15:42:50.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0566 (GCVE-0-2023-0566)

    Vulnerability from nvd – Published: 2023-01-29 00:00 – Updated: 2025-03-28 15:44
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - mproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.10 (custom)
    Create a notification for this product.
    Credits
    Ahmed Hassan (ahmedvienna) Josef Hassan (josefjku)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:49.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-28T15:44:01.335100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T15:44:12.607Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ahmed Hassan (ahmedvienna)"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Josef Hassan (josefjku)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in froxlor/froxlor prior to 2.0.10.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in froxlor/froxlor prior to 2.0.10.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T10:10:12.217Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/8339e4f1-d430-4845-81b5-36dd9fcdac49"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876"
            }
          ],
          "source": {
            "advisory": "8339e4f1-d430-4845-81b5-36dd9fcdac49",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in froxlor/froxlor",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0566",
        "datePublished": "2023-01-29T00:00:00.000Z",
        "dateReserved": "2023-01-29T00:00:00.000Z",
        "dateUpdated": "2025-03-28T15:44:12.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6069 (GCVE-0-2023-6069)

    Vulnerability from cvelistv5 – Published: 2023-11-10 00:00 – Updated: 2024-08-02 08:21
    VLAI
    Title
    Improper Link Resolution Before File Access in froxlor/froxlor
    Summary
    Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:21:17.449Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\u003c/p\u003e"
                }
              ],
              "value": "Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-16T21:10:57.491Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"
            }
          ],
          "source": {
            "advisory": "aac0627e-e59d-476e-9385-edb7ff53758c",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Link Resolution Before File Access in froxlor/froxlor",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2023-6069",
        "datePublished": "2023-11-10T00:00:32.765Z",
        "dateReserved": "2023-11-10T00:00:12.624Z",
        "dateUpdated": "2024-08-02T08:21:17.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4829 (GCVE-0-2023-4829)

    Vulnerability from cvelistv5 – Published: 2023-10-13 12:24 – Updated: 2024-09-17 17:05
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in froxlor/froxlor
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.22 (custom)
    Create a notification for this product.
    froxlor froxlor Affected: 0 , < 2.0.22 (custom)
        cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "froxlor",
                "vendor": "froxlor",
                "versions": [
                  {
                    "lessThan": "2.0.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4829",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T17:04:26.707923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T17:05:37.681Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-13T12:24:05.277Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d"
            }
          ],
          "source": {
            "advisory": "babd73ca-6c80-4145-8c7d-33a883fe606b",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4829",
        "datePublished": "2023-10-13T12:24:05.277Z",
        "dateReserved": "2023-09-08T00:00:07.307Z",
        "dateUpdated": "2024-09-17T17:05:37.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5564 (GCVE-0-2023-5564)

    Vulnerability from cvelistv5 – Published: 2023-10-13 00:00 – Updated: 2024-09-17 17:08
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in froxlor/froxlor
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.1.0-dev1 (custom)
    Create a notification for this product.
    froxlor froxlor Affected: 0 , < 2.1.0-dev1 (custom)
        cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "froxlor",
                "vendor": "froxlor",
                "versions": [
                  {
                    "lessThan": "2.1.0-dev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5564",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T17:07:19.123189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T17:08:03.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.1.0-dev1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-13T00:00:19.626Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa"
            }
          ],
          "source": {
            "advisory": "9254d8f3-a847-4ae8-8477-d2ce027cff5c",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5564",
        "datePublished": "2023-10-13T00:00:19.626Z",
        "dateReserved": "2023-10-13T00:00:06.686Z",
        "dateUpdated": "2024-09-17T17:08:03.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4304 (GCVE-0-2023-4304)

    Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-04 13:06
    VLAI
    Title
    Business Logic Errors in froxlor/froxlor
    Summary
    Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.22,2.1.0 (custom)
    Create a notification for this product.
    Credits
    Ahmed Hassan (ahmedvienna) Josef Hassan (josefjku)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4304",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T13:04:29.535523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T13:06:39.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.22,2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ahmed Hassan (ahmedvienna)"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Josef Hassan (josefjku)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBusiness Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\u003c/p\u003e"
                }
              ],
              "value": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T10:13:29.779Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
            }
          ],
          "source": {
            "advisory": "59fe5037-b253-4b0f-be69-1d2e4af8b4a9",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in froxlor/froxlor",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4304",
        "datePublished": "2023-08-11T00:00:20.247Z",
        "dateReserved": "2023-08-11T00:00:07.158Z",
        "dateUpdated": "2024-10-04T13:06:39.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3668 (GCVE-0-2023-3668)

    Vulnerability from cvelistv5 – Published: 2023-07-14 00:00 – Updated: 2024-10-28 20:36
    VLAI
    Title
    Improper Encoding or Escaping of Output in froxlor/froxlor
    Summary
    Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.21 (custom)
    Create a notification for this product.
    froxlor froxlor Affected: 0 , < 2.0.21 (custom)
        cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:57.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "froxlor",
                "vendor": "froxlor",
                "versions": [
                  {
                    "lessThan": "2.0.21",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3668",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T20:31:42.683584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T20:36:00.527Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-14T00:00:19.815Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965"
            }
          ],
          "source": {
            "advisory": "df8cccf4-a340-440e-a7e0-1b42e757d66e",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Encoding or Escaping of Output in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3668",
        "datePublished": "2023-07-14T00:00:19.815Z",
        "dateReserved": "2023-07-14T00:00:06.988Z",
        "dateUpdated": "2024-10-28T20:36:00.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3192 (GCVE-0-2023-3192)

    Vulnerability from cvelistv5 – Published: 2023-06-11 00:00 – Updated: 2025-01-06 17:04
    VLAI
    Title
    Session Fixation in froxlor/froxlor
    Summary
    Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3192",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T17:04:10.411183Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:04:25.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-11T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"
            }
          ],
          "source": {
            "advisory": "f3644772-9c86-4f55-a0fa-aeb11f411551",
            "discovery": "EXTERNAL"
          },
          "title": "Session Fixation in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3192",
        "datePublished": "2023-06-11T00:00:00.000Z",
        "dateReserved": "2023-06-11T00:00:00.000Z",
        "dateUpdated": "2025-01-06T17:04:25.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3173 (GCVE-0-2023-3173)

    Vulnerability from cvelistv5 – Published: 2023-06-09 00:00 – Updated: 2025-01-06 17:11
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor
    Summary
    Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3173",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T17:11:52.944889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:11:57.332Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-09T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6"
            }
          ],
          "source": {
            "advisory": "4d715f76-950d-4251-8139-3dffea798f14",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3173",
        "datePublished": "2023-06-09T00:00:00.000Z",
        "dateReserved": "2023-06-09T00:00:00.000Z",
        "dateUpdated": "2025-01-06T17:11:57.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3172 (GCVE-0-2023-3172)

    Vulnerability from cvelistv5 – Published: 2023-06-09 00:00 – Updated: 2025-01-06 17:12
    VLAI
    Title
    Path Traversal in froxlor/froxlor
    Summary
    Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3172",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T17:12:19.422769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:12:23.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-09T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e"
            }
          ],
          "source": {
            "advisory": "e50966cd-9222-46b9-aedc-1feb3f2a0b0e",
            "discovery": "EXTERNAL"
          },
          "title": "Path Traversal in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3172",
        "datePublished": "2023-06-09T00:00:00.000Z",
        "dateReserved": "2023-06-09T00:00:00.000Z",
        "dateUpdated": "2025-01-06T17:12:23.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2666 (GCVE-0-2023-2666)

    Vulnerability from cvelistv5 – Published: 2023-05-12 00:00 – Updated: 2025-01-24 15:59
    VLAI
    Title
    Allocation of Resources Without Limits or Throttling in froxlor/froxlor
    Summary
    Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:26:09.761Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2666",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T15:58:44.251136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T15:59:16.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-12T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/0bbdc9d4-d9dc-4490-93ef-0a83b451a20f"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/1679675aa1c29d24344dd2e091ff252accb111d6"
            }
          ],
          "source": {
            "advisory": "0bbdc9d4-d9dc-4490-93ef-0a83b451a20f",
            "discovery": "EXTERNAL"
          },
          "title": "Allocation of Resources Without Limits or Throttling in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2666",
        "datePublished": "2023-05-12T00:00:00.000Z",
        "dateReserved": "2023-05-12T00:00:00.000Z",
        "dateUpdated": "2025-01-24T15:59:16.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2034 (GCVE-0-2023-2034)

    Vulnerability from cvelistv5 – Published: 2023-04-14 00:00 – Updated: 2025-02-06 21:01
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in froxlor/froxlor
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:19.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2034",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T21:01:22.694728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T21:01:27.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/f36bc61fc74c85a21c8d31448198b11f96eb3bc6"
            }
          ],
          "source": {
            "advisory": "aba6beaa-570e-4523-8128-da4d8e374ef6",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2034",
        "datePublished": "2023-04-14T00:00:00.000Z",
        "dateReserved": "2023-04-14T00:00:00.000Z",
        "dateUpdated": "2025-02-06T21:01:27.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1307 (GCVE-0-2023-1307)

    Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-02-28 17:06
    VLAI
    Title
    Authentication Bypass by Primary Weakness in froxlor/froxlor
    Summary
    Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:40:59.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1307",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T17:05:24.223544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T17:06:06.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-10T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23"
            }
          ],
          "source": {
            "advisory": "5fe85af4-a667-41a9-a00d-f99e07c5e2f1",
            "discovery": "EXTERNAL"
          },
          "title": "Authentication Bypass by Primary Weakness in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-1307",
        "datePublished": "2023-03-10T00:00:00.000Z",
        "dateReserved": "2023-03-10T00:00:00.000Z",
        "dateUpdated": "2025-02-28T17:06:06.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1033 (GCVE-0-2023-1033)

    Vulnerability from cvelistv5 – Published: 2023-02-25 00:00 – Updated: 2025-03-11 15:37
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in froxlor/froxlor
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1033",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T15:36:54.677450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T15:37:34.913Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-25T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950"
            }
          ],
          "source": {
            "advisory": "ba3cd929-8b60-4d8d-b77d-f28409ecf387",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-1033",
        "datePublished": "2023-02-25T00:00:00.000Z",
        "dateReserved": "2023-02-25T00:00:00.000Z",
        "dateUpdated": "2025-03-11T15:37:34.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0877 (GCVE-0-2023-0877)

    Vulnerability from cvelistv5 – Published: 2023-02-17 00:00 – Updated: 2025-03-18 16:01
    VLAI
    Title
    Code Injection in froxlor/froxlor
    Summary
    Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0877",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T16:01:03.719123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T16:01:15.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-17T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984"
            }
          ],
          "source": {
            "advisory": "b29cf038-06f1-4fb0-9437-08f2991f92a8",
            "discovery": "EXTERNAL"
          },
          "title": " Code Injection in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0877",
        "datePublished": "2023-02-17T00:00:00.000Z",
        "dateReserved": "2023-02-17T00:00:00.000Z",
        "dateUpdated": "2025-03-18T16:01:15.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0671 (GCVE-0-2023-0671)

    Vulnerability from cvelistv5 – Published: 2023-02-04 00:00 – Updated: 2025-03-25 20:12
    VLAI
    Title
    Code Injection in froxlor/froxlor
    Summary
    Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    froxlor froxlor/froxlor Affected: unspecified , < 2.0.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0671",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:12:38.586606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:12:58.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "froxlor/froxlor",
              "vendor": "froxlor",
              "versions": [
                {
                  "lessThan": "2.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-04T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de"
            },
            {
              "url": "https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc"
            }
          ],
          "source": {
            "advisory": "c2a84917-7ac0-4169-81c1-b61e617023de",
            "discovery": "EXTERNAL"
          },
          "title": " Code Injection in froxlor/froxlor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0671",
        "datePublished": "2023-02-04T00:00:00.000Z",
        "dateReserved": "2023-02-04T00:00:00.000Z",
        "dateUpdated": "2025-03-25T20:12:58.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }