VYPR

Freescout

by Freescout

CVEs (71)

  • CVE-2025-58163 (Sep 3, 2025)
    risk 0.00 | cvss | epss 0.01

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY to achieve remote code…

  • CVE-2025-54366 (Jul 26, 2025)
    risk 0.00 | cvss | epss 0.01

    FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the…

  • CVE-2025-48488 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting (XSS) vulnerability. This…

  • CVE-2025-48880 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is deleting a user, there is the possibility of a race condition occurring. This issue has been patched in version 1.8.181.

  • CVE-2025-48875 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when…

  • CVE-2025-48489 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180.

  • CVE-2025-48487 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit an XSS vulnerability. This issue has been patched…

  • CVE-2025-48486 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and __, allowing user input to be executed without proper…

  • CVE-2025-48485 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an…

  • CVE-2025-48484 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has…

  • CVE-2025-48483 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can…

  • CVE-2025-48482 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill() method, which processes fields such as channel and channel_id. However, the fill() method is called…

  • CVE-2025-48481 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the…

  • CVE-2025-48480 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then…

  • CVE-2025-48479 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has been patched in version…

  • CVE-2025-48478 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the…

  • CVE-2025-48477 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without…

  • CVE-2025-48476 (May 30, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment…

  • CVE-2025-48475 (May 29, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access…

  • CVE-2025-48474 (May 29, 2025)
    risk 0.00 | cvss | epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the…