Platform
php
Component
froxlor
Fixed in
2.1.10
CVE-2024-34070 describes a Stored Blind Cross-Site Scripting (XSS) vulnerability affecting Froxlor, open-source server administration software. This vulnerability allows an unauthenticated attacker to inject malicious scripts into the system logs, potentially leading to unauthorized actions performed by the administrator. The vulnerability impacts versions of Froxlor up to and including 2.1.8, and a fix is available in version 2.1.9.
The impact of this XSS vulnerability is significant. An attacker can inject arbitrary JavaScript code that will be executed within the context of the administrator's browser when they view the system logs. This could allow the attacker to steal session cookies, redirect the administrator to a malicious website, or even execute arbitrary code on the server if the administrator's browser has sufficient privileges. The blind nature of the XSS means the attacker doesn't need to see the immediate result of their injection; the script executes when the administrator views the logs, making detection more difficult. This vulnerability effectively compromises the administrator's account and potentially the entire server.
CVE-2024-34070 was publicly disclosed on May 10, 2024. The vulnerability's ease of exploitation and potential impact suggest a medium probability of exploitation. No public proof-of-concept (PoC) code had been released as of this writing, but the nature of the vulnerability makes it likely that such code will emerge. It is not currently listed on the CISA KEV catalog.
Organizations using Froxlor for server administration, particularly those running versions 2.1.8 or earlier, are at significant risk. Shared hosting environments where multiple users share the same Froxlor instance are especially vulnerable, as an attacker compromising one user's account could potentially exploit this vulnerability to gain access to the administrator's account.
• php: Examine Froxlor system logs for unusual JavaScript code within login attempt entries. Use grep to search for <script> tags or obfuscated JavaScript patterns.
grep -in '<script' /path/to/froxlor/logs/system.log
• generic web: Monitor Froxlor login endpoints for unusual HTTP requests containing suspicious parameters in the loginname field. Use curl to test the endpoint with various payloads.
curl -X POST -d "loginname=<script>alert('XSS')</script>" http://froxlor/login
• generic web: Review Froxlor access logs for requests originating from unusual IP addresses or user agents attempting to access the system logs.
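The grep above only catches a literal "<script" string. A stored payload in a login-attempt entry can also arrive as an event-handler attribute, a javascript: URI, a JavaScript obfuscation primitive, or HTML-entity-encoded text that a naive grep misses but a browser may still decode. The following scanner is an added example, not code from this page or from the Froxlor project; it walks log text line by line, checks each indicator against both the raw line and its HTML-entity-decoded form, and flags which matches only appear after decoding. The log line format in SAMPLE_LOG is constructed for the example and is an assumption, not real Froxlor output.

```python
"""Scan Froxlor-style system log text for stored-XSS indicators in login-attempt entries."""
import html
import re
from dataclasses import dataclass

# Indicator patterns for script injection in stored log text (case-insensitive).
# Tuned for triage of login-attempt entries, so occasional false positives are acceptable.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "html_tag": re.compile(r"<\s*(?:img|svg|iframe|object|embed|body)\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "js_uri": re.compile(r"javascript\s*:", re.I),
    "js_obfuscation": re.compile(r"\b(?:eval|atob|String\.fromCharCode)\s*\(", re.I),
}

# Constructed sample log (assumed line format; not real Froxlor output).
SAMPLE_LOG = """\
2024-05-10 10:01:02 [login] Unknown user 'alice' tried to login
2024-05-10 10:01:10 [login] Unknown user 'test<script>alert(1)</script>' tried to login
2024-05-10 10:02:00 [login] Unknown user '<img src=x onerror=alert(1)>' tried to login
2024-05-10 10:02:30 [login] Unknown user 'bob' tried to login
2024-05-10 10:03:00 [login] Unknown user '&lt;script&gt;alert(1)&lt;/script&gt;' tried to login
2024-05-10 10:03:30 [login] Unknown user 'java&#115;cript:alert(1)' tried to login
2024-05-10 10:04:00 [login] Unknown user 'String.fromCharCode(88,83,83)' tried to login
"""


@dataclass(frozen=True)
class Finding:
    lineno: int      # 1-based line number in the log
    indicator: str   # which INDICATORS entry fired
    encoded: bool    # True when the match only appears after HTML-entity decoding
    line: str        # the raw log line, for the reviewer


def scan_line(lineno: int, line: str) -> list[Finding]:
    """Return one Finding per indicator that matches the raw or entity-decoded line."""
    findings = []
    decoded = html.unescape(line)
    for name, pattern in INDICATORS.items():
        if pattern.search(line):
            findings.append(Finding(lineno, name, False, line))
        elif decoded != line and pattern.search(decoded):
            # Entity-encoded variant: invisible to a plain grep, still worth a look.
            findings.append(Finding(lineno, name, True, line))
    return findings


def scan_log(text: str) -> list[Finding]:
    """Scan a whole log text; findings are ordered by line, then by indicator."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        findings.extend(scan_line(lineno, line))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        tag = "encoded" if f.encoded else "raw"
        print(f"line {f.lineno}: {f.indicator} ({tag}): {f.line}")
```

Run it against a real file with `scan_log(open(path).read())`; treat every hit as a triage lead rather than a verdict, since the event-handler pattern in particular will occasionally match benign text.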
disclosure
Exploit status
EPSS
0.88% (75th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-34070 is to immediately upgrade Froxlor to version 2.1.9 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These could include restricting access to the system logs to authorized personnel only, and carefully reviewing all log entries for suspicious activity. Web Application Firewalls (WAFs) configured to detect and block XSS payloads targeting the loginname parameter could also provide some protection, though this is not a substitute for patching. Monitor Froxlor logs for unusual activity and consider implementing stricter input validation on the login attempt functionality.
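The root cause of a stored XSS of this kind is attacker-controlled text (here, the failed login name) being written into the log and later placed into the administrator's HTML page without encoding. The following is an added illustration, not the Froxlor project's code or its actual patch: a deliberately vulnerable log-row renderer next to a hardened one that encodes on output, which is the control that complements the input validation mentioned above. The LogEntry structure and the rendering functions are assumptions made for this example.

```python
"""Vulnerable vs. hardened rendering of an attacker-influenced log entry into HTML."""
import html
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class LogEntry:
    timestamp: str
    message: str  # may embed attacker-controlled text, e.g. a failed login name


def render_entry_unsafe(entry: LogEntry) -> str:
    # Vulnerable pattern: the stored message is interpolated into markup as-is,
    # so a stored "<script>" or "<img onerror=...>" payload runs in the viewer's browser.
    return f"<tr><td>{entry.timestamp}</td><td>{entry.message}</td></tr>"


def render_entry_safe(entry: LogEntry) -> str:
    # Hardened pattern: encode on output. html.escape(quote=True) rewrites
    # <, >, &, ' and " so the payload is displayed as text, never parsed as markup.
    return (
        "<tr><td>" + html.escape(entry.timestamp, quote=True) + "</td>"
        "<td>" + html.escape(entry.message, quote=True) + "</td></tr>"
    )


RAW_TAG = re.compile(r"<\s*(?:script|img|svg|iframe)\b", re.I)


def has_raw_tag(rendered: str) -> bool:
    """Self-check: does the rendered HTML still contain an unencoded active tag?"""
    return RAW_TAG.search(rendered) is not None


if __name__ == "__main__":
    # Constructed entry modelled on a failed-login log line (assumed format).
    entry = LogEntry("2024-05-10 10:02:00",
                     "Unknown user '<img src=x onerror=alert(1)>' tried to login")
    print("unsafe:", render_entry_unsafe(entry))
    print("safe:  ", render_entry_safe(entry))
```

Note that the safe renderer also encodes the ampersand, so a login name submitted already entity-encoded (for example `&lt;script&gt;`) is shown literally instead of being turned back into a tag by the browser.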
Update Froxlor to version 2.1.9 or later. This version contains a fix for the XSS vulnerability. The update can be performed through the Froxlor administration panel or by downloading the latest version of the software and replacing the existing files.
CVE-2024-34070 is a critical Stored Blind Cross-Site Scripting (XSS) vulnerability in Froxlor server administration software, allowing attackers to inject malicious scripts into system logs.
You are affected if you are running Froxlor versions 2.1.8 or earlier. Upgrade to 2.1.9 or later to mitigate the risk.
The recommended fix is to upgrade Froxlor to version 2.1.9 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting log access and using a WAF.
While no active exploitation has been confirmed, the vulnerability is easy to exploit, so attacks remain plausible. Monitor your systems closely.
Refer to the official Froxlor security advisory for details and updates: [https://froxlor.com/security/](https://froxlor.com/security/)