froxlor/froxlor Security Advisories for 2.0.15 (13)
- [MEDIUM] Froxlor has an HTML Injection Vulnerability
PKSA-rmd1-7gwd-nktx CVE-2025-48958 GHSA-26xq-m8xw-6373
Affected version: <=2.2.5
Reported by: GitHub
- [MEDIUM] Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover
PKSA-7t7y-8d9m-zjrw CVE-2025-29773 GHSA-7j6w-p859-464f
Affected version: <=2.2.5
Reported by: GitHub
- [HIGH] Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
PKSA-yp36-zcg2-t1x4 GHSA-34qg-65m4-f23m
Affected version: <=2.2.0-rc3
Reported by: GitHub
- [CRITICAL] Blind XSS Leading to Froxlor Application Compromise
PKSA-2bvk-dn1k-jgtg CVE-2024-34070 GHSA-x525-54hf-xr53
Affected version: <2.1.9
Reported by: GitHub
- [HIGH] Froxlor username/surname AND company field Bypass
PKSA-94d1-2fmr-db7c CVE-2023-50256 GHSA-625g-fm5w-w7w4
Affected version: <=2.1.1
Reported by: GitHub
- [CRITICAL] Froxlor Improper Input Validation vulnerability
PKSA-mhbb-j5t7-nknm CVE-2023-6069 GHSA-4jch-8qq5-hqg6
Affected version: <2.1.0-beta1
Reported by: GitHub
- [MEDIUM] Cross-site Scripting (XSS) in froxlor/froxlor
PKSA-7ypx-w6wf-3q58 CVE-2023-4829 GHSA-cvwv-h85m-w37h
Affected version: <2.0.22
Reported by: GitHub
- [LOW] Froxlor vulnerable to business logic errors
PKSA-g52h-rdch-wgq3 CVE-2023-4304 GHSA-9rmf-6qgj-g3wj
Affected version: <2.0.22
Reported by: GitHub
- [CRITICAL] Froxlor vulnerable to Improper Encoding or Escaping of Output
PKSA-65v9-z1rw-mzb5 CVE-2023-3668 GHSA-c6v5-pf66-xfq8
Affected version: <2.0.21
Reported by: GitHub
- [MEDIUM] Froxlor Session Fixation vulnerability
PKSA-t6cp-pc2s-dd4x CVE-2023-3192 GHSA-jr66-9ghf-6gp3
Affected version: <2.1.0
Reported by: GitHub
- [CRITICAL] Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
PKSA-hccz-hs29-mqsx CVE-2023-3173 GHSA-chw4-88xc-79w6
Affected version: <2.0.20
Reported by: GitHub
- [HIGH] Froxlor vulnerable to Path Traversal
PKSA-23qg-5ycx-pktz CVE-2023-3172 GHSA-ghqq-jfx7-f6m9
Affected version: <2.0.20
Reported by: GitHub
- [MEDIUM] Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
PKSA-h83c-h2wd-ddkg CVE-2023-2666 GHSA-4gm9-c9jq-g523
Affected version: <2.0.16
Reported by: GitHub