VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jvvz-9twe-8fb1

Essentials
Severities (15)
References (7)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jvvz-9twe-8fb1
Aliases	CVE-2025-48958 GHSA-26xq-m8xw-6373
Summary	Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2025-48958
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2025-48958
cvssv3.1	5.5	https://github.com/froxlor/Froxlor
generic_textual	MODERATE	https://github.com/froxlor/Froxlor
cvssv3.1	5.5	https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a
generic_textual	MODERATE	https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a
ssvc	Track	https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a
cvssv3.1	5.5	https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373
generic_textual	MODERATE	https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373
ssvc	Track	https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373
cvssv3.1	5.5	https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e
generic_textual	MODERATE	https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e
ssvc	Track	https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2025-48958
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-48958

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-48958
		https://github.com/froxlor/Froxlor
		https://nvd.nist.gov/vuln/detail/CVE-2025-48958
86947633-3e7c-4e10-86cc-92e577761e8e		https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e
fde43f80600f1035e1e3d2297411b666d805549a		https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a
GHSA-26xq-m8xw-6373		https://github.com/advisories/GHSA-26xq-m8xw-6373
GHSA-26xq-m8xw-6373		https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/froxlor/Froxlor

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/ Found at https://github.com/froxlor/Froxlor/commit/fde43f80600f1035e1e3d2297411b666d805549a

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/ Found at https://github.com/froxlor/Froxlor/security/advisories/GHSA-26xq-m8xw-6373

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:40:22Z/ Found at https://github.com/user-attachments/assets/86947633-3e7c-4e10-86cc-92e577761e8e

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-48958

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.38218
EPSS Score	0.00171
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:13:14.342862+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/48xxx/CVE-2025-48958.json	38.6.0