Lucene search
+L

708 matches found

EUVD
EUVD
added 2026/05/07 6:9 p.m.11 views

EUVD-2026-28409

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:9 p.m.8 views

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/07 6:9 p.m.19 views

CVE-2026-41906

FreeScout (PHP Laravel) prior to 1.8.214 is vulnerable: the backend action conversation_change_customer accepts any supplied customer_email, allowing a low-privilege agent to bind a visible conversation to a hidden customer in another mailbox via forged requests. The Change Customer modal correct...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 6:9 p.m.4 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 6:8 p.m.36 views

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 6:8 p.m.6 views

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 6:8 p.m.10 views

EUVD-2026-28408

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:8 p.m.8 views

CVE-2026-41905

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/07 6:8 p.m.22 views

CVE-2026-41905

FreeScout (PHP Laravel) before version 1.8.217 is affected by an SSRF issue in Helper::sanitizeRemoteUrl() where curlGetLastRedirectedUrl() returns the final destination URL but the code re-validates the original URL. This allows an attacker who can supply a URL passing the initial host check to ...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 6:8 p.m.3 views

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS5.9AI score0.00209EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 6:5 p.m.33 views

CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 6:5 p.m.9 views

EUVD-2026-28407

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.7AI score0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 6:5 p.m.23 views

CVE-2026-41904

FreeScout (PHP/Laravel) prior to version 1.8.217 is affected by a Stored XSS in the mailbox auto-reply feature. A user with updateAutoReply permission can store an XSS payload in the auto-reply message, which is rendered unescaped in auto-reply emails sent to customers. As email clients do not en...

7.6CVSS5.7AI score0.00171EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:5 p.m.7 views

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.7AI score0.00171EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 6:5 p.m.7 views

CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.7AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 6:5 p.m.3 views

CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.9AI score0.00171EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 6:3 p.m.12 views

EUVD-2026-28405

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 6:3 p.m.7 views

CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 6:3 p.m.19 views

CVE-2026-41902

CVE-2026-41902 affects FreeScout (Laravel-based help desk). Before v1.8.217, the endpoint /user-setup/{hash} accepts a 60-character invite_hash to set a new user’s password and does not expire the hash, leaving it valid until used. If the invite link leaks (e.g., forwarded emails, logs, or referr...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 6:3 p.m.3 views

CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

9.1CVSS5.9AI score0.00246EPSS
Exploits0References4
Rows per page
Query Builder