VYPR

Freescout

by Freescout

Source repositories

CVEs (71)

  • CVE-2025-48473May 29, 2025
    risk 0.00cvss epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages…

  • CVE-2025-48472May 29, 2025
    risk 0.00cvss epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user…

  • CVE-2025-48471May 29, 2025
    risk 0.00cvss epss 0.01

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to…

  • CVE-2025-48390May 29, 2025
    risk 0.00cvss epss 0.01

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. The backticks characters are not removed, as well as tabulation is not…

  • CVE-2025-48389May 29, 2025
    risk 0.00cvss epss 0.01

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an…

  • CVE-2025-48388May 29, 2025
    risk 0.00cvss epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing…

  • CVE-2024-34698May 13, 2024
    risk 0.00cvss epss 0.00

    FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` Function recursively merges an…

  • CVE-2024-34697May 13, 2024
    risk 0.00cvss epss 0.01

    FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the…

  • CVE-2024-29185Mar 22, 2024
    risk 0.00cvss epss 0.02

    FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating…

  • CVE-2024-29184Mar 22, 2024
    risk 0.00cvss epss 0.01

    FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and…

  • CVE-2024-28186Mar 12, 2024
    risk 0.00cvss epss 0.01

    FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the…

Page 4 of 4