CVE-2024-34070

CRITICAL

Froxlor < 2.1.9 - Unauthenticated Stored Cross-Site Scripting via Login Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-34070. PoCs published by Okymi-X, Akira07210.

AI-analyzed exploit summary This repository contains a functional Python-based proof-of-concept exploit for CVE-2024-34070, a stored XSS vulnerability in Froxlor before version 2.1.9. The exploit injects a malicious payload via the login form, which, when viewed by an admin, creates a new administrator account.

Description

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.

Exploits (2)

github WORKING POC

by Okymi-X · pythonpoc

https://github.com/Okymi-X/CVE-2024-34070

View Code ZIP pw:eip

This repository contains a functional Python-based proof-of-concept exploit for CVE-2024-34070, a stored XSS vulnerability in Froxlor before version 2.1.9. The exploit injects a malicious payload via the login form, which, when viewed by an admin, creates a new administrator account.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Froxlor < 2.1.9

No auth needed

Prerequisites: Target must be running Froxlor < 2.1.9 · An admin must view the system logs for the payload to execute

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Jun 06, 2026 Full analysis →

github WORKING POC

by Akira07210 · pythonpoc

https://github.com/Akira07210/Exploit-CVE-2024-34070

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-34070, which leverages a stored XSS vulnerability in Froxlor to create an admin account. The exploit uses a crafted payload to trigger JavaScript execution, which then sends an HTTP request to create a new admin user.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Froxlor (version not specified)

No auth needed

Prerequisites: Target URL · Desired username and password for the new admin account

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed May 19, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53

Patch x_refsource_misc

https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6

View Patch ZIP pw:eip

Scores

CVSS v3 9.6

EPSS 0.0096

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-79 CWE-80

Status published

Products (2)

froxlor/froxlor 0 - 2.1.9Packagist

froxlor/Froxlor < 2.1.9

Published May 14, 2024

Tracked Since Feb 18, 2026