froxlor — Vulnerabilities & Security Advisories (12)

All 12 CVE vulnerabilities found in froxlor, with AI-generated Chinese analysis, references, and POCs.

Vendor: Froxlor

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-41233 | Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() | CWE-863 | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41232 | Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing | CWE-863 | 5.0 | Medium | 2026-04-23 |
| CVE-2026-41231 | Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron | CWE-59 | 7.5 | High | 2026-04-23 |
| CVE-2026-41230 | Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() | CWE-93 | 8.5 | High | 2026-04-23 |
| CVE-2026-41229 | Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) | CWE-94 | 9.1 | Critical | 2026-04-23 |
| CVE-2026-41228 | Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution | CWE-98 | 10.0 | Critical | 2026-04-23 |
| CVE-2026-30932 | Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API | CWE-74 | 7.5 | - | 2026-03-24 |
| CVE-2026-26279 | Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection | CWE-78 | 9.1 | Critical | 2026-03-03 |
| CVE-2025-48958 | Froxlor has an HTML Injection Vulnerability | CWE-79 | 5.5 | Medium | 2025-06-02 |
| CVE-2025-29773 | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover | CWE-287 | 5.8 | Medium | 2025-03-13 |
| CVE-2024-34070 | Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise | CWE-79 | 9.7 | Critical | 2024-05-10 |
| CVE-2023-50256 | Froxlor username/surname AND company field Bypass | CWE-20 | 7.5 | High | 2024-01-03 |

All 12 known CVE vulnerabilities affecting froxlor with full Chinese analysis, references, and POCs where available.