Cross-site request forgery in Froxlor - #VU135782
Published: June 29, 2026
Froxlor
Detailed vulnerability description
The vulnerability allows a remote attacker to perform unauthorized actions.
The vulnerability exists due to missing cross-site request forgery protection in the AJAX endpoint lib/ajax.php?action=editapikey when handling crafted cross-site requests. A remote attacker can trick the victim into visiting a crafted page to perform unauthorized actions.
User interaction is required to load the crafted page.
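A defender can look for this pattern in web server access logs. The following is an added example, not Froxlor code or part of the advisory: it flags requests to lib/ajax.php?action=editapikey whose Referer is missing or points to another site. It assumes the Apache/nginx "combined" log format and a placeholder panel hostname; the sample log lines, including their HTTP method, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hostname the Froxlor panel is served from (placeholder value).
PANEL_HOST = "panel.example.test"

# Apache/nginx "combined" format: client, timestamp, request line, status, size, referer.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def is_editapikey(target):
    """True if the request target is lib/ajax.php with action=editapikey."""
    parts = urlsplit(target)
    if not parts.path.endswith("/lib/ajax.php"):
        return False
    return "editapikey" in parse_qs(parts.query).get("action", [])

def suspicious_requests(lines, panel_host=PANEL_HOST):
    """Return (timestamp, ip, referer, reason) for editapikey hits not referred by the panel."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_editapikey(m["target"]):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "no referer"
        elif (urlsplit(referer).hostname or "").lower() != panel_host:
            reason = "cross-site referer"
        else:
            continue  # request was referred by the panel itself
        findings.append((m["ts"], m["ip"], referer, reason))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '198.51.100.7 - - [29/Jun/2026:10:01:02 +0000] "POST /lib/ajax.php?action=editapikey HTTP/1.1" 200 51 "https://panel.example.test/" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Jun/2026:10:05:40 +0000] "POST /lib/ajax.php?action=editapikey HTTP/1.1" 200 51 "https://other-site.example/page.html" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Jun/2026:10:06:11 +0000] "POST /lib/ajax.php?action=editapikey HTTP/1.1" 200 51 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Jun/2026:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 900 "https://other-site.example/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE):
        print(finding)
```

Browsers can omit the Referer header (for example under a strict Referrer-Policy), so "no referer" hits are leads to review rather than proof of a forged request.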