Freescout
by Freescout
Source repositories
CVEs (71)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48473 | 0.00 | — | 0.00 | May 29, 2025 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages… | |||
| CVE-2025-48472 | 0.00 | — | 0.00 | May 29, 2025 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user… | |||
| CVE-2025-48471 | 0.00 | — | 0.01 | May 29, 2025 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to… | |||
| CVE-2025-48390 | 0.00 | — | 0.01 | May 29, 2025 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. The backticks characters are not removed, as well as tabulation is not… | |||
| CVE-2025-48389 | 0.00 | — | 0.01 | May 29, 2025 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an… | |||
| CVE-2025-48388 | 0.00 | — | 0.00 | May 29, 2025 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing… | |||
| CVE-2024-34698 | 0.00 | — | 0.00 | May 13, 2024 | FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` Function recursively merges an… | |||
| CVE-2024-34697 | 0.00 | — | 0.01 | May 13, 2024 | FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the… | |||
| CVE-2024-29185 | 0.00 | — | 0.02 | Mar 22, 2024 | FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating… | |||
| CVE-2024-29184 | 0.00 | — | 0.01 | Mar 22, 2024 | FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and… | |||
| CVE-2024-28186 | 0.00 | — | 0.01 | Mar 12, 2024 | FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the… |
- CVE-2025-48473May 29, 2025risk 0.00cvss —epss 0.00
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages…
- CVE-2025-48472May 29, 2025risk 0.00cvss —epss 0.00
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user…
- CVE-2025-48471May 29, 2025risk 0.00cvss —epss 0.01
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to…
- CVE-2025-48390May 29, 2025risk 0.00cvss —epss 0.01
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. The backticks characters are not removed, as well as tabulation is not…
- CVE-2025-48389May 29, 2025risk 0.00cvss —epss 0.01
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an…
- CVE-2025-48388May 29, 2025risk 0.00cvss —epss 0.00
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing…
- CVE-2024-34698May 13, 2024risk 0.00cvss —epss 0.00
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` Function recursively merges an…
- CVE-2024-34697May 13, 2024risk 0.00cvss —epss 0.01
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the…
- CVE-2024-29185Mar 22, 2024risk 0.00cvss —epss 0.02
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating…
- CVE-2024-29184Mar 22, 2024risk 0.00cvss —epss 0.01
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and…
- CVE-2024-28186Mar 12, 2024risk 0.00cvss —epss 0.01
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the…
Page 4 of 4