708 matches found
EUVD-2026-28409
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
CVE-2026-41906
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
CVE-2026-41906
FreeScout (PHP Laravel) prior to 1.8.214 is vulnerable: the backend action conversation_change_customer accepts any supplied customer_email, allowing a low-privilege agent to bind a visible conversation to a hidden customer in another mailbox via forged requests. The Change Customer modal correct...
CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...
CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...
CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...
EUVD-2026-28408
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...
CVE-2026-41905
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...
CVE-2026-41905
FreeScout (PHP Laravel) before version 1.8.217 is affected by an SSRF issue in Helper::sanitizeRemoteUrl() where curlGetLastRedirectedUrl() returns the final destination URL but the code re-validates the original URL. This allows an attacker who can supply a URL passing the initial host check to ...
CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...
CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...
EUVD-2026-28407
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...
CVE-2026-41904
FreeScout (PHP/Laravel) prior to version 1.8.217 is affected by a Stored XSS in the mailbox auto-reply feature. A user with updateAutoReply permission can store an XSS payload in the auto-reply message, which is rendered unescaped in auto-reply emails sent to customers. As email clients do not en...
CVE-2026-41904
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...
CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...
CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...
EUVD-2026-28405
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...
CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...
CVE-2026-41902
CVE-2026-41902 affects FreeScout (Laravel-based help desk). Before v1.8.217, the endpoint /user-setup/{hash} accepts a 60-character invite_hash to set a new user’s password and does not expire the hash, leaving it valid until used. If the invite link leaks (e.g., forwarded emails, logs, or referr...
CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...