Freescout

by Freescout

CVEs (71)

  • CVE-2026-41902 | Critical | May 7, 2026
    risk 0.59 | CVSS 9.1 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new user's password. The endpoint performs no expiration check — the hash remains…

  • CVE-2023-52268 | Critical | Nov 12, 2024
    risk 0.59 | CVSS 9.1 | EPSS 0.01

    The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.

  • CVE-2026-40498 | Critical | Apr 21, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.01

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY,…

  • CVE-2026-41193 | Critical | Apr 21, 2026
    risk 0.52 | CVSS 9.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a…

  • CVE-2026-40569 | Critical | Apr 21, 2026
    risk 0.52 | CVSS 9.0 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and…

  • CVE-2026-40496 | Critical | Apr 21, 2026
    risk 0.52 | CVSS 9.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small…

  • CVE-2026-40568 | High | Apr 21, 2026
    risk 0.48 | CVSS 8.5 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an…

  • CVE-2026-40497 | High | Apr 21, 2026
    risk 0.46 | CVSS 8.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes ``, ``, ``, `` but does NOT strip `` tags. The mailbox signature field is saved via POST…

  • CVE-2026-41905 | High | May 7, 2026
    risk 0.43 | CVSS 7.7 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final…

  • CVE-2026-47123 | High | May 29, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent (user) replies based on In-Reply-To / References headers. The…

  • CVE-2026-41904 | High | May 7, 2026
    risk 0.42 | CVSS 7.6 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every…

  • CVE-2026-40589 | High | Apr 21, 2026
    risk 0.42 | CVSS 7.6 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and…

  • CVE-2026-39384 | High | Apr 7, 2026
    risk 0.42 | CVSS 7.6 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212.

  • CVE-2026-41906 | High | May 7, 2026
    risk 0.39 | CVSS 7.1 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts…

  • CVE-2026-41192 | High | Apr 21, 2026
    risk 0.39 | CVSS 7.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]` but omitted from retained lists are decrypted and passed directly to…

  • CVE-2026-41191 | High | Apr 21, 2026
    risk 0.39 | CVSS 7.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only the mailbox `sig` permission sees only the signature field in the UI, but can…

  • CVE-2026-41190 | High | Apr 21, 2026
    risk 0.39 | CVSS 7.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The `save_draft` AJAX path is weaker. A…

  • CVE-2026-41189 | High | Apr 21, 2026
    risk 0.39 | CVSS 7.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but does not apply the assigned-only restriction from `ConversationPolicy`. A user who cannot…

  • CVE-2026-40591 | High | Apr 21, 2026
    risk 0.39 | CVSS 7.1 | EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` values and resolves the target customer in the backend without enforcing…

  • CVE-2026-41903 | Medium | May 7, 2026
    risk 0.35 | CVSS 5.4 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission (intended for general user-profile editing) can read and modify the notification subscriptions of any other user, including…

Page 1 of 4