{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50256", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-05T20:42:59.378Z", "datePublished": "2024-01-03T22:34:47.447Z", "dateUpdated": "2025-06-17T20:29:07.539Z"}, "containers": {"cna": {"title": "Froxlor username/surname AND company field Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4"}, {"name": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "tags": ["x_refsource_MISC"], "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac"}, {"name": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "tags": ["x_refsource_MISC"], "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4"}], "affected": [{"vendor": "Froxlor", "product": "Froxlor", "versions": [{"version": "< 2.1.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-03T22:34:47.447Z"}, "descriptions": [{"lang": "en", "value": "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.\n"}], "source": {"advisory": "GHSA-625g-fm5w-w7w4", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:46.105Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4"}, {"name": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac"}, {"name": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-09T15:34:46.014767Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T20:29:07.539Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "name": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "name": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "name": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:46.105Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-09T15:34:46.014767Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T20:24:09.668Z"}}], "cna": {"title": "Froxlor username/surname AND company field Bypass", "source": {"advisory": "GHSA-625g-fm5w-w7w4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Froxlor", "product": "Froxlor", "versions": [{"status": "affected", "version": "< 2.1.2"}]}], "references": [{"url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "name": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "name": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac", "tags": ["x_refsource_MISC"]}, {"url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "name": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-03T22:34:47.447Z"}}}, "cveMetadata": {"cveId": "CVE-2023-50256", "state": "PUBLISHED", "dateUpdated": "2025-06-17T20:29:07.539Z", "dateReserved": "2023-12-05T20:42:59.378Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-03T22:34:47.447Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", "matchCriteriaId": "474D793F-0B1C-43DC-979C-29B4A48045FE", "versionEndExcluding": "2.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.\n"}, {"lang": "es", "value": "Froxlor es un software de administraci\u00f3n de servidores de c\u00f3digo abierto. Antes de la versi\u00f3n 2.1.2, era posible enviar el formulario de registro con los campos esenciales, como el username y la password, dejados intencionalmente en blanco. Esta omisi\u00f3n inadvertida permiti\u00f3 omitir los requisitos de campo obligatorios (por ejemplo, apellido, nombre de la empresa) establecidos por el sistema. La versi\u00f3n 2.1.2 soluciona este problema."}], "id": "CVE-2023-50256", "lastModified": "2024-11-21T08:36:45.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-03T23:15:08.517", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4"}, {"source": "security-advisories@github.com", "tags": ["Exploit"], "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}