CVE-2020-36978

MEDIUM

Froxlor Server Management Panel <0.10.16 - XSS

Title source: llm

Description

Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/49063

View Code ZIP pw:eip

References (7)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49063

[Various Sources] https://froxlor.org/

[Various Sources] https://froxlor.org/download/

[Various Sources] https://www.vulnerability-lab.com/get_content.php?id=2241

[Various Sources] https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab

[Various Sources] https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.

[Third Party Advisory] https://www.vulncheck.com/advisories/froxlor-froxlor-server-management-panel-persistent-cross-site-scripting

Scores

CVSS v3 6.4

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Froxlor/Froxlor Froxlor Server Management Panel 0.10.16

Published Jan 27, 2026

Tracked Since Feb 18, 2026