← Volver a CVEs
CVE-2025-48958
MEDIUM5.5
Descripcion
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado6/2/2025
Ultima modificacion6/25/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
froxlor:froxlor
Debilidades (CWE)
CWE-79
Referencias
https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a(security-advisories@github.com)
https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373(security-advisories@github.com)
https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e(security-advisories@github.com)
https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.