Exploitation Summary
CVE-2022-3869 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
Nuclei Templates (1)
Froxlor < 0.10.38.2. - HTML Injection
MEDIUMVERIFIEDby ctflearner
Shodan:
title:"Froxlor"
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8
Exploit, Patch, Third Party Advisory
https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
Scores
CVSS v3
6.1
EPSS
0.0126
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
CWE-79
Status
published
Products (2)
froxlor/froxlor
< 0.10.38.2
froxlor/froxlor
0 - 0.10.38.2Packagist
Published
Nov 05, 2022
Tracked Since
Feb 18, 2026