froxlor/froxlor Security Advisories for 2.2.0 (4)
- [HIGH] Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
  PKSA-8kv2-v86v-pjxv CVE-2026-30932 GHSA-x6w6-2xwp-3jh6
  Affected version: <=2.3.4
  Reported by: GitHub
- [CRITICAL] Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
  PKSA-b24n-4864-6pc2 CVE-2026-26279 GHSA-33mp-8p67-xj7c
  Affected version: <=2.3.3
  Reported by: GitHub
- [MEDIUM] Froxlor has an HTML Injection Vulnerability
  PKSA-rmd1-7gwd-nktx CVE-2025-48958 GHSA-26xq-m8xw-6373
  Affected version: <=2.2.5
  Reported by: GitHub
- [MEDIUM] Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover
  PKSA-7t7y-8d9m-zjrw CVE-2025-29773 GHSA-7j6w-p859-464f
  Affected version: <=2.2.5
  Reported by: GitHub