VYPR · Vendor CVEs · Freescout

All CVEs

71 total · sorted by risk
  • CVE-2026-41902 · Critical · May 7, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new user's password. The endpoint performs no expiration check — the hash remains…

  • CVE-2023-52268 · Critical · Nov 12, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.

  • CVE-2026-40498 · Critical · Apr 21, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY,…

  • CVE-2026-41193 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a…

  • CVE-2026-40569 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and…

  • CVE-2026-40496 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small…

  • CVE-2026-40568 · High · Apr 21, 2026
    risk 0.48 · cvss 8.5 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an…

  • CVE-2026-40497 · High · Apr 21, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes ``, ``, ``, `` but does NOT strip `` tags. The mailbox signature field is saved via POST…

  • CVE-2026-41905 · High · May 7, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final…

  • CVE-2026-47123 · High · May 29, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent (user) replies based on In-Reply-To / References headers. The…

  • CVE-2026-41904 · High · May 7, 2026
    risk 0.42 · cvss 7.6 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every…

  • CVE-2026-40589 · High · Apr 21, 2026
    risk 0.42 · cvss 7.6 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and…

  • CVE-2026-39384 · High · Apr 7, 2026
    risk 0.42 · cvss 7.6 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212.

  • CVE-2026-41906 · High · May 7, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts…

  • CVE-2026-41192 · High · Apr 21, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]` but omitted from retained lists are decrypted and passed directly to…

  • CVE-2026-41191 · High · Apr 21, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only the mailbox `sig` permission sees only the signature field in the UI, but can…

  • CVE-2026-41190 · High · Apr 21, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The `save_draft` AJAX path is weaker. A…

  • CVE-2026-41189 · High · Apr 21, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but does not apply the assigned-only restriction from `ConversationPolicy`. A user who cannot…

  • CVE-2026-40591 · High · Apr 21, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` values and resolves the target customer in the backend without enforcing…

  • CVE-2026-41903 · Medium · May 7, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission (intended for general user-profile editing) can read and modify the notification subscriptions of any other user, including…

  • CVE-2026-35584 · Medium · Apr 7, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/{conversation_id}/{thread_id} does not require authentication and does not validate whether the given thread_id belongs to the given…

  • CVE-2026-40565 · Medium · Apr 21, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify() function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters (") in the URL. HTMLPurifier…

  • CVE-2026-40592 · Medium · Apr 21, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the…

  • CVE-2026-40567 · Medium · Apr 21, 2026
    risk 0.31 · cvss 5.8 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database…

  • CVE-2026-40570 · Medium · Apr 21, 2026
    risk 0.30 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid…

  • CVE-2026-41194 · Medium · Apr 21, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as `GET /mailbox/oauth-disconnect/{id}/{in_out}/{provider}`. It removes stored OAuth metadata from the mailbox and then redirects. Because…

  • CVE-2026-34442 · Medium · Mar 31, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This…

  • CVE-2026-45294 · Medium · May 29, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated…

  • CVE-2026-34443 · Medium · Mar 31, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false…

  • CVE-2026-48811 · Medium · May 29, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note (private thread) from any conversation, even after that user's access to the mailbox containing the…

  • CVE-2026-48810 · Medium · May 29, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with…

  • CVE-2026-41183 · Medium · Apr 21, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal…

  • CVE-2026-40590 · Medium · Apr 21, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the…

  • CVE-2026-40566 · Medium · Apr 21, 2026
    risk 0.20 · cvss 4.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeScout's `MailboxesController`. Three AJAX actions `fetch_test` (line 731),…

  • CVE-2026-28289 · Mar 3, 2026
    risk 0.05 · cvss n/a · epss 0.31

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by…

  • CVE-2026-27636 · Feb 25, 2026
    risk 0.03 · cvss n/a · epss 0.02

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `AllowOverride All` (a common…

  • CVE-2026-32754 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.01

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in the database without…

  • CVE-2026-32753 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with…

  • CVE-2026-32752 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken access control vulnerability that allows any authenticated user (regardless of role or mailbox access) to read and…

  • CVE-2026-27637 · Feb 25, 2026
    risk 0.00 · cvss n/a · epss 0.01

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's `TokenAuth` middleware uses a predictable authentication token computed as `MD5(user_id + created_at + APP_KEY)`. This token is static (never…

  • CVE-2025-58163 · Sep 3, 2025
    risk 0.00 · cvss n/a · epss 0.01

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY to achieve remote code…

  • CVE-2025-54366 · Jul 26, 2025
    risk 0.00 · cvss n/a · epss 0.01

    FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the…

  • CVE-2025-48488 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting (XSS) vulnerability. This…

  • CVE-2025-48880 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is deleting a user, there is the possibility of a race condition occurring. This issue has been patched in version 1.8.181.

  • CVE-2025-48875 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when…

  • CVE-2025-48489 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180.

  • CVE-2025-48487 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched…

  • CVE-2025-48486 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and __, allowing user input to be executed without proper…

  • CVE-2025-48485 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an…

  • CVE-2025-48484 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has…

Page 1 of 2