Medium severity6.4NVD Advisory· Published Jan 27, 2026· Updated Apr 15, 2026

CVE-2020-36978

Description

Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.

Affected products

Froxlor/Froxlorinferred
Range: =0.10.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

froxlor.orgnvd
froxlor.org/download/nvd
www.exploit-db.com/exploits/49063nvd
www.vulncheck.com/advisories/froxlor-froxlor-server-management-panel-persistent-cross-site-scriptingnvd
www.vulnerability-lab.com/get_content.phpnvd
www.vulnerability-lab.com/show.phpnvd
www.vulnerability-lab.com/show.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000