CVE-2025-48958

Published: Jun 2, 2025

Modified: Jun 2, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.

Vendor	Product	Versions
froxlor	Froxlor	affected `< 2.2.6`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373

x_refsource_CONFIRM

https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a

x_refsource_MISC

https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-48958

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References