Froxlor
cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*
- 2.2.5
A medium-severity HTML injection vulnerability has been identified in Froxlor versions prior to 2.2.6. The issue allows attackers to inject malicious HTML into the email section of the customer account portal. Exploitation could lead to phishing attacks, credential theft, and reputational damage by redirecting users to harmful external websites. The vulnerability can be exploited through user input without authentication.
Exploitation of this vulnerability results in HTML injection, allowing attackers to manipulate the content of the customer account portal. This could be used to conduct phishing attacks, steal credentials, deface the application, or redirect users to malicious websites. Such actions could cause reputational harm to the organization and potential compliance violations.
To reproduce this vulnerability, navigate to the email section of the customer account portal and create a new email address. Intercept the request using Burp Suite and modify the 'domain' field with an HTML injection payload, such as an anchor tag linking to an external website. Forward the modified request and observe that the injected payload is reflected on an error page. Clicking the link will confirm the successful injection by redirecting to the specified external site.
Users are advised to update to Froxlor version 2.2.6 or later, where this vulnerability has been fixed.
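As an added example (not Froxlor's own code), the defensive pattern that closes this class of bug: validate the 'domain' field as a hostname before using it, and HTML-encode it when it is reflected on the error page. The request shape, output format and helper names are assumptions.

```php
<?php
// Added example, not Froxlor code: safely reflecting an untrusted
// 'domain' field on an error page. Helper names are hypothetical.

// Accept only a syntactically valid hostname. FILTER_FLAG_HOSTNAME
// limits the value to hostname characters, so angle brackets, quotes,
// slashes and spaces are all rejected before the value is used anywhere.
function is_valid_domain(string $domain): bool
{
    return strlen($domain) <= 253
        && filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

// Build the error message with output encoding, so that even a rejected
// value is rendered as literal text rather than markup. Reflecting the raw
// value here is exactly the injection point the advisory describes.
function domain_error_html(string $domain): string
{
    $safe = htmlspecialchars($domain, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p class="error">Unknown domain: ' . $safe . '</p>';
}

// Constructed input: a value a client might send in the 'domain' field.
// On the command line $_POST is empty, so the fallback value is used.
$input = $_POST['domain'] ?? 'example.com<b>not a hostname</b>';

if (!is_valid_domain($input)) {
    // Encoded output: the <b> tag appears as &lt;b&gt; in the page source.
    echo domain_error_html($input), PHP_EOL;
} else {
    echo 'Domain accepted: ', $input, PHP_EOL;
}
```

Both checks matter: validation keeps malformed values out of the data model, and encoding protects every place the value is echoed, including error paths that validation alone does not cover.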