PT-2026-5001 · Froxlor · Froxlor Froxlor Server Management Panel
Vulnerability-Lab
·
Published
2026-01-27
·
Updated
2026-01-27
·
CVE-2020-36978
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Froxlor Server Management Panel version 0.10.16
Description
A persistent cross-site scripting issue exists in the customer registration input fields. This allows attackers to inject malicious scripts using the
username, name, and firstname parameters, which are then executed when administrators view customer traffic modules.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Froxlor Froxlor Server Management Panel