CVE-2020-36978

MEDIUM

Froxlor Server Management Panel <0.10.16 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36978. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This exploit demonstrates a persistent cross-site scripting (XSS) vulnerability in Froxlor Server Management Panel 0.10.16. The vulnerability allows remote attackers to inject malicious script code via the `username`, `name`, and `firstname` input fields, which is then executed when an admin views the traffic stats.

Description

Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/49063

This exploit demonstrates a persistent cross-site scripting (XSS) vulnerability in Froxlor Server Management Panel 0.10.16. The vulnerability allows remote attackers to inject malicious script code via the `username`, `name`, and `firstname` input fields, which is then executed when an admin views the traffic stats.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Froxlor Server Management Panel 0.10.16
Auth required
Prerequisites: Low privilege user account · Admin interaction to view traffic stats
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 6.4
EPSS 0.0031
EPSS Percentile 22.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Froxlor/Froxlor Froxlor Server Management Panel 0.10.16
Published Jan 27, 2026
Tracked Since Feb 18, 2026