cvelistv5 - cve-2025-48958

CVE-2025-48958 (GCVE-0-2025-48958)

Vulnerability from cvelistv5 – Published: 2025-06-02 11:18 – Updated: 2025-06-02 16:41

Summary

Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/froxlor/Froxlor/security/advis…	x_refsource_CONFIRM
	https://github.com/froxlor/Froxlor/commit/fde43f8…	x_refsource_MISC
	https://github.com/user-attachments/assets/869476…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	froxlor	Froxlor	Affected: < 2.2.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48958",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-02T16:40:22.307089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-02T16:41:18.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Froxlor",
          "vendor": "froxlor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-02T11:18:27.230Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373"
        },
        {
          "name": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a"
        },
        {
          "name": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e"
        }
      ],
      "source": {
        "advisory": "GHSA-26xq-m8xw-6373",
        "discovery": "UNKNOWN"
      },
      "title": "Froxlor has an HTML Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48958",
    "datePublished": "2025-06-02T11:18:27.230Z",
    "dateReserved": "2025-05-28T18:49:07.585Z",
    "dateUpdated": "2025-06-02T16:41:18.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48958\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-02T12:15:25.840\",\"lastModified\":\"2025-06-25T17:36:43.537\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Froxlor es un software de administraci\u00f3n de servidores de c\u00f3digo abierto. Antes de la versi\u00f3n 2.2.6, una vulnerabilidad de inyecci\u00f3n HTML en el portal de cuentas de clientes permit\u00eda a un atacante inyectar payloads HTML maliciosos en la secci\u00f3n de correo electr\u00f3nico. Esto puede provocar ataques de phishing, robo de credenciales y da\u00f1os a la reputaci\u00f3n al redirigir a los usuarios a sitios web externos maliciosos. La vulnerabilidad es de gravedad media, ya que puede explotarse mediante la entrada de datos del usuario sin autenticaci\u00f3n. La versi\u00f3n 2.2.6 corrige el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.6\",\"matchCriteriaId\":\"0A49FCED-39DA-4EE6-8743-CD10B59D44A0\"}]}]}],\"references\":[{\"url\":\"https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Froxlor has an HTML Injection Vulnerability\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-79\", \"lang\": \"en\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373\"}, {\"name\": \"https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a\"}, {\"name\": \"https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e\"}], \"affected\": [{\"vendor\": \"froxlor\", \"product\": \"Froxlor\", \"versions\": [{\"version\": \"\u003c 2.2.6\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-02T11:18:27.230Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.\"}], \"source\": {\"advisory\": \"GHSA-26xq-m8xw-6373\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48958\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-02T16:40:22.307089Z\"}}}], \"references\": [{\"url\": \"https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-02T16:41:07.372Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48958\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-05-28T18:49:07.585Z\", \"datePublished\": \"2025-06-02T11:18:27.230Z\", \"dateUpdated\": \"2025-06-02T16:41:18.444Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-48958

Vulnerability from fkie_nvd - Published: 2025-06-02 12:15 - Updated: 2025-06-25 17:36

Severity ?

5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a	Patch
security-advisories@github.com	https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373	Exploit, Vendor Advisory
security-advisories@github.com	https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e	Exploit
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	froxlor	froxlor	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A49FCED-39DA-4EE6-8743-CD10B59D44A0",
              "versionEndExcluding": "2.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue."
    },
    {
      "lang": "es",
      "value": "Froxlor es un software de administraci\u00f3n de servidores de c\u00f3digo abierto. Antes de la versi\u00f3n 2.2.6, una vulnerabilidad de inyecci\u00f3n HTML en el portal de cuentas de clientes permit\u00eda a un atacante inyectar payloads HTML maliciosos en la secci\u00f3n de correo electr\u00f3nico. Esto puede provocar ataques de phishing, robo de credenciales y da\u00f1os a la reputaci\u00f3n al redirigir a los usuarios a sitios web externos maliciosos. La vulnerabilidad es de gravedad media, ya que puede explotarse mediante la entrada de datos del usuario sin autenticaci\u00f3n. La versi\u00f3n 2.2.6 corrige el problema."
    }
  ],
  "id": "CVE-2025-48958",
  "lastModified": "2025-06-25T17:36:43.537",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-02T12:15:25.840",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-26XQ-M8XW-6373

Vulnerability from github – Published: 2025-03-11 20:31 – Updated: 2025-06-03 17:35

Summary

Froxlor has an HTML Injection Vulnerability

Details

Summary

An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication.

Observation

It is observed that in the portal of the customer account, there is a functionality in the email section to create an email address that accepts user input. By intercepting the request and modifying the "domain" field with an HTML injection payload containing an anchor tag, the injected payload is reflected on an error page. When clicked, it redirects users to an external website, confirming the presence of an HTML Injection vulnerability.

PoC

Navigate to the Email section in the Customer Account Portal and create a new email address.
Enter any garbage value in the required field and intercept the request using Burp Suite.
Locate the "domain" field in the intercepted request and replace its value with the following HTML Injection payload:

<a href="https://www.google.com">CLiCK</a>
Forward the modified request and observe that the injected payload is reflected on an error page.
Click on the displayed "CLiCK" link to verify that it redirects to https://www.google.com, confirming the presence of HTML Injection.

Impact

An attacker can exploit this HTML Injection vulnerability to manipulate the portal’s content, conduct phishing attacks, deface the application, or trick users into clicking malicious links. This can lead to credential theft, malware distribution, reputational damage, and potential compliance violations. The users of the customer account portal are impacted by this vulnerability. Specifically, any user who interacts with the email section of the portal may be tricked into clicking malicious links, leading to potential phishing attacks, credential theft, and exposure to other malicious activities. The organization hosting the portal could also be impacted by reputational damage and compliance violations.

Recommendation

It is recommended to implement proper input validation and output encoding to prevent HTML Injection. The application should sanitize user input by stripping or escaping HTML tags before rendering it on the page.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.2.5"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "froxlor/froxlor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48958"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-11T20:31:08Z",
    "nvd_published_at": "2025-06-02T12:15:25Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n_An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication._\n\n### Observation\n_It is observed that in the portal of the customer account, there is a functionality in the email section to create an email address that accepts user input. By intercepting the request and modifying the \"domain\" field with an HTML injection payload containing an anchor tag, the injected payload is reflected on an error page. When clicked, it redirects users to an external website, confirming the presence of an HTML Injection vulnerability._\n\n### PoC\n1. Navigate to the Email section in the Customer Account Portal and create a new email address.\n\n2. Enter any garbage value in the required field and intercept the request using Burp Suite.\n\n3. Locate the \"domain\" field in the intercepted request and replace its value with the following HTML Injection payload:\n\n\t`\u003ca href=\"\u0026#x68;\u0026#x74;\u0026#x74;\u0026#x70;\u0026#x73;\u0026#x3a;\u0026#x2f;\u0026#x2f;\u0026#x77;\u0026#x77;\u0026#x77;\u0026#x2e;\u0026#x67;\u0026#x6f;\u0026#x6f;\u0026#x67;\u0026#x6c;\u0026#x65;\u0026#x2e;\u0026#x63;\u0026#x6f;\u0026#x6d;\"\u003eCLiCK\u003c/a\u003e`\n\n4. Forward the modified request and observe that the injected payload is reflected on an error page.\n\n5. Click on the displayed \"CLiCK\" link to verify that it redirects to `https://www.google.com`, confirming the presence of HTML [Injection.]([url]([froxlor_HTML-INJECTION.mp4.zip](https://github.com/user-attachments/files/18311429/froxlor_HTML-INJECTION.mp4.zip)))\n\n### Impact\n_An attacker can exploit this HTML Injection vulnerability to manipulate the portal\u2019s content, conduct phishing attacks, deface the application, or trick users into clicking malicious links. This can lead to credential theft, malware distribution, reputational damage, and potential compliance violations.\nThe users of the customer account portal are impacted by this vulnerability. Specifically, any user who interacts with the email section of the portal may be tricked into clicking malicious links, leading to potential phishing attacks, credential theft, and exposure to other malicious activities. The organization hosting the portal could also be impacted by reputational damage and compliance violations._\n\n### Recommendation\n_It is recommended to implement proper input validation and output encoding to prevent HTML Injection. The application should sanitize user input by stripping or escaping HTML tags before rendering it on the page._",
  "id": "GHSA-26xq-m8xw-6373",
  "modified": "2025-06-03T17:35:31Z",
  "published": "2025-03-11T20:31:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48958"
    },
    {
      "type": "WEB",
      "url": "https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/froxlor/Froxlor"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Froxlor has an HTML Injection Vulnerability"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-48958 (GCVE-0-2025-48958)

FKIE_CVE-2025-48958

GHSA-26XQ-M8XW-6373

Summary

Observation

PoC

Impact

Recommendation

Tags

Sightings

Nomenclature