Platform: php
Component: froxlor
Fixed in: 2.1.10
CVE-2024-34070 describes a Stored Blind Cross-Site Scripting (XSS) vulnerability affecting Froxlor, open-source server administration software. This vulnerability allows an unauthenticated attacker to inject malicious scripts into the system logs, potentially leading to unauthorized actions performed by the administrator. The vulnerability impacts versions of Froxlor up to and including 2.1.8, and a fix is available in version 2.1.9.
The impact of this XSS vulnerability is significant. An attacker can inject arbitrary JavaScript code that is executed in the context of the administrator's browser when the administrator views the system logs. This could allow the attacker to steal session cookies, redirect the administrator to a malicious website, or even execute arbitrary code on the server if the administrator's session holds sufficient privileges. The blind nature of the XSS means the attacker does not need to see the immediate result of the injection; the script runs only when the administrator views the logs, which makes detection more difficult. This vulnerability effectively compromises the administrator's account and potentially the entire server.
CVE-2024-34070 was publicly disclosed on May 10, 2024. The vulnerability's ease of exploitation and potential impact suggest a medium probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the nature of the vulnerability makes it likely that such code will emerge. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.88% (75th percentile)
The primary mitigation for CVE-2024-34070 is to upgrade Froxlor to version 2.1.9 or later immediately. If upgrading is not immediately feasible, consider temporary workarounds: restrict access to the system logs to authorized personnel only, and review all log entries carefully for suspicious content. A Web Application Firewall (WAF) configured to detect and block XSS payloads targeting the loginname parameter can provide some protection, but it is not a substitute for patching. Monitor Froxlor logs for unusual activity and consider stricter input validation on the login attempt functionality.
Update Froxlor to version 2.1.9 or higher; this version contains the fix for the XSS vulnerability. The update can be performed through the Froxlor administration panel or by downloading the latest version of the software and replacing the existing files.
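The two defensive controls named above, validating the login name before it is written to the log and encoding every log field when the log is rendered, are shown below in PHP as an added example. This is not Froxlor's own code and does not reflect how Froxlor stores or displays its system log; the function names, the log entry layout and the sample entries are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Froxlor's code. Function names, the entry layout
// and the sample log entries below are hypothetical / constructed.

/**
 * Control 1: validate the login name at the point where a failed login
 * attempt is logged. Only a conservative character set is kept, so the
 * stored entry can never contain markup, and the value is truncated so
 * oversized input cannot bloat the log.
 */
function loginNameForLog(string $loginName): string
{
    $clean = preg_replace('/[^A-Za-z0-9._@-]/', '_', $loginName) ?? '';
    return substr($clean, 0, 64);
}

/**
 * Control 2: encode every field at render time, regardless of what was
 * stored. ENT_QUOTES covers both quote styles (attribute contexts),
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning '' silently,
 * and the charset is stated explicitly rather than inherited from php.ini.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Render log entries as an HTML table. Every cell passes through h(), so
 * even an entry that reached the log unsanitised is displayed as text.
 */
function renderLogTable(array $entries): string
{
    $rows = '';
    foreach ($entries as $e) {
        $rows .= '<tr>'
            . '<td>' . h($e['time']) . '</td>'
            . '<td>' . h($e['user']) . '</td>'
            . '<td>' . h($e['message']) . '</td>'
            . '</tr>';
    }
    return '<table>' . $rows . '</table>';
}

// Constructed sample entries (not real Froxlor log data).
$hostile = '<script>probe()</script>';
$entries = [
    ['time' => '2024-05-10 12:00:00', 'user' => 'admin',
     'message' => 'login successful'],
    // A failed login whose login name carried markup: control 1 strips it
    // before the entry is written.
    ['time' => '2024-05-10 12:00:05', 'user' => loginNameForLog($hostile),
     'message' => 'login failed for ' . loginNameForLog($hostile)],
    // The same markup stored verbatim (e.g. written before the fix):
    // control 2 still neutralises it when the page is rendered.
    ['time' => '2024-05-10 12:00:07', 'user' => $hostile,
     'message' => 'login failed'],
];

$html = renderLogTable($entries);

// Self-check: no raw <script> tag survives into the rendered output.
if (str_contains($html, '<script')) {
    throw new RuntimeException('unencoded markup reached the rendered log');
}
echo $html, PHP_EOL;
```

Run with `php render_log_example.php` (PHP 8.0 or later, for `str_contains`). The point of keeping both controls is defence in depth: input validation limits what can be stored, but entries written before the fix, or by another code path, are still displayed safely because encoding happens at the output boundary.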
CVE-2024-34070 is a critical Stored Blind Cross-Site Scripting (XSS) vulnerability in Froxlor server administration software, allowing attackers to inject malicious scripts into system logs.
You are affected if you are running Froxlor versions 2.1.8 or earlier. Upgrade to 2.1.9 or later to mitigate the risk.
The recommended fix is to upgrade Froxlor to version 2.1.9 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting log access and using a WAF.
While no active exploitation has been confirmed, the vulnerability's ease of exploitation suggests a potential for exploitation. Monitor your systems closely.
Refer to the official Froxlor security advisory for details and updates: [https://froxlor.com/security/](https://froxlor.com/security/)