How the CVE Works
CVE-2025-48958 is an HTML injection vulnerability in Froxlor's customer account portal. Because the email input field is not sufficiently sanitized, an attacker can store arbitrary HTML markup in it. When an admin or another user later views the customer record, the injected markup is rendered in their browser, which can enable phishing, credential theft, or redirection to malicious sites. The attack requires no authentication, but exploitation depends on user interaction. Froxlor 2.2.6 patches this by implementing proper input validation.
DailyCVE Form
Platform: Froxlor
Version: < 2.2.6
Vulnerability: HTML Injection
Severity: Medium
Date: 06/25/2025
Prediction: Patch expected by 07/10/2025
What Undercode Says
Check Froxlor version:
froxlor-cli --version
Example malicious payload:
<input type="hidden" value="http://malicious.site">
Patch verification:
grep "sanitize_email_input" /var/www/froxlor/lib/Froxlor/System/Validator.php
How the Exploit Works
1. The attacker submits crafted HTML in the email field.
2. An admin views the customer details, and the stored markup is rendered.
3. Malicious content loads or a redirect occurs in the admin's browser.
Protection from this CVE
- Update to Froxlor 2.2.6.
- Implement CSP headers.
- Sanitize all user inputs.
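As an added example (not Froxlor's own code, which this advisory does not show), here is a PHP sketch of the vulnerable pattern behind the steps above beside the two defences the protection list calls for: validating the email at input time and escaping it at output time. All function names are hypothetical.

```php
<?php
// Added illustration, not Froxlor code. Shows why reflecting a stored "email"
// value straight into the customer-detail page is an HTML-injection bug, and
// the two layers that close it: validate on input, escape on output.

// Constructed payload, taken from the advisory text above.
$submitted = '<input type="hidden" value="http://malicious.site">';

// Vulnerable pattern: the stored value is concatenated directly into markup,
// so attacker-supplied tags become real elements in the admin's page.
function render_customer_email_vulnerable(string $email): string
{
    return '<td>' . $email . '</td>';
}

// Layer 1 (input validation): refuse anything that is not a syntactically
// valid address. FILTER_VALIDATE_EMAIL rejects angle brackets, quotes and
// spaces, so a payload like the one above never reaches the database.
// Returns the accepted address, or null when the value must be refused.
function validate_email_input(string $value): ?string
{
    $valid = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Layer 2 (output escaping): encode the value when rendering, so that rows
// stored before the fix, or any other unvalidated path, cannot inject markup.
function render_customer_email_safe(string $email): string
{
    return '<td>' . htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Walk both inputs through the validation layer.
foreach ([$submitted, 'user@example.com'] as $candidate) {
    $result = validate_email_input($candidate);
    echo $result === null ? "refused: " : "accepted: ", $candidate, "\n";
}

// Compare the rendered HTML for the payload: the first line contains a live
// <input> element, the second contains only escaped text.
echo render_customer_email_vulnerable($submitted), "\n";
echo render_customer_email_safe($submitted), "\n";
```

A CSP header, as the protection list also recommends, is a further layer that limits what injected markup can load, but it does not replace validation and escaping.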
Impact
- Phishing attacks.
- Credential theft.
- Reputational damage.
Sources:
Reported By: nvd.nist.gov