PT-2025-23501 · Froxlor · Froxlor

Benefactoryuvi · Published 2025-03-11 · Updated 2025-06-25 · CVE-2025-48958

CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.2.6
Description: The issue is an HTML injection vulnerability in the customer account portal that allows an attacker to inject malicious HTML payloads through the email section. This can lead to phishing attacks, credential theft and reputational damage, since users can be redirected to malicious external websites. The vulnerability can be exploited through user input without authentication.
Recommendations: For versions prior to 2.2.6, update to version 2.2.6 to fix the issue. As a temporary workaround, consider restricting user input in the email section of the customer account portal to minimize the risk of exploitation.
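The two controls the advisory names, restricting what the email field accepts and stopping injected markup from rendering, are illustrated below. This is an added example written for this page; it is not Froxlor's code and does not reproduce how the customer portal actually renders the field. The template fragment, the `render_email_*` and `validate_email` helpers and the sample input are constructed for illustration.

```python
import html
import re

# Constructed sample input: an email value carrying injected HTML of the kind the
# advisory describes (a link to an external site). This is an illustrative value,
# not a payload taken from the advisory.
INJECTED_EMAIL = (
    'customer@example.com'
    '<a href="https://attacker.example/login">Re-verify your account</a>'
)

# Plain-address pattern used for the "restrict user input" workaround. It is a
# deliberately strict allow-list, not a full RFC 5322 parser.
EMAIL_RE = re.compile(r'^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$')


def render_email_unsafe(email: str) -> str:
    """Vulnerable pattern: user input concatenated straight into the HTML page.

    Any tag inside the value becomes part of the document and is rendered
    by the browser, which is what makes the phishing link clickable.
    """
    return f'<td class="email">{email}</td>'


def render_email_safe(email: str) -> str:
    """Hardened pattern: escape at the output boundary.

    html.escape turns <, >, &, " and ' into entities, so the browser shows the
    injected markup as text instead of interpreting it.
    """
    return f'<td class="email">{html.escape(email, quote=True)}</td>'


def validate_email(email: str) -> bool:
    """Input restriction (the advisory's interim workaround).

    Rejects anything that is not a plain address. This reduces exposure but
    is not a substitute for output escaping: escaping is what removes the
    injection, validation only narrows what reaches the template.
    """
    return EMAIL_RE.fullmatch(email) is not None


def contains_live_anchor(rendered: str) -> bool:
    """Helper for the demonstration: is there a real <a> tag in the output?

    Escaped output contains '&lt;a' rather than '<a', so this distinguishes
    markup the browser will act on from markup it will merely display.
    """
    return re.search(r'<a\b', rendered) is not None


if __name__ == "__main__":
    print("unsafe :", render_email_unsafe(INJECTED_EMAIL))
    print("safe   :", render_email_safe(INJECTED_EMAIL))
    print("accepted by validator:", validate_email(INJECTED_EMAIL))
```

The escaped rendering is the durable fix: it works regardless of what the validator lets through, which matters because address formats legitimately vary and an allow-list that is too strict will reject real customers. The validator is the stopgap the advisory suggests for installations that cannot upgrade immediately.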

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-48958
GHSA-26XQ-M8XW-6373

Affected Products

Froxlor