CVE-2025-48958: Froxlor has an HTML Injection Vulnerability
(updated )
An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication.
References
- github.com/advisories/GHSA-26xq-m8xw-6373
- github.com/froxlor/Froxlor
- github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a
- github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373
- github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e
- nvd.nist.gov/vuln/detail/CVE-2025-48958
Code Behaviors & Features
Detect and mitigate CVE-2025-48958 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →