CVE-2025-48958

Exploit

EPSS 0.07%
Veröffentlicht 02.06.2025 11:18:27
Zuletzt bearbeitet 25.06.2025 17:36:43
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Froxlor ≫ Froxlor Version < 2.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.207

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	5.5	2.1	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373

Vendor Advisory

Exploit

https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a

Patch

https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-48958

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48958

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48958

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-48958