froxlor

Top products

The 15 most recently published vulnerabilities affecting froxlor.

• CVE-2026-41236Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path8.8Jun 4, 2026
• CVE-2026-41234Froxlor: BIND Zone File Injection via TXT Record Content7.6Jun 4, 2026
• CVE-2026-41233Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()5.4Apr 23, 2026
• CVE-2026-41232Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing5.0Apr 23, 2026
• CVE-2026-41231Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron7.5Apr 23, 2026
• CVE-2026-41230Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()8.5Apr 23, 2026
• CVE-2026-41229Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)9.1Apr 23, 2026
• CVE-2026-41228Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution9.9Apr 23, 2026
• CVE-2026-30932Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API8.8Mar 24, 2026
• CVE-2026-26279Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection9.1Mar 3, 2026
• CVE-2020-36978Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting6.4Jan 27, 2026
• CVE-2025-48958Froxlor has an HTML Injection Vulnerability5.5Jun 2, 2025
• CVE-2025-29773Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover5.8Mar 13, 2025
• CVE-2024-34070Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise9.6May 10, 2024
• CVE-2023-50256Froxlor username/surname AND company field Bypass7.5Jan 3, 2024