683 matches found
PT-2024-14501 · Unknown · Freescout End-User Portal
Name of the Vulnerable Software and Affected Versions: FreeScout End-User Portal module versions prior to 1.0.65 Description: The issue allows an attacker to authenticate as an arbitrary user because a session token can be sent to the "/auth" endpoint. Recommendations: For versions prior to 1.0.6...
CVE-2024-34698
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
CVE-2024-34697
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...
FreeScout 注入漏洞
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework. An injection vulnerability exists in versions prior to FreeScout 1.8.139 that stems from the presence of HTML injection, allowing an attacker to inject malicious HTML conte...
FreeScout 安全漏洞
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework. A security vulnerability exists in FreeScout versions prior to 1.8.139 that stems from the presence of prototype contamination...
CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
CVE-2024-34698
FreeScout versions prior to 1.8.139 are affected by a Prototype Pollution flaw in the getQueryParam function in /public/js/main.js. The function recursively merges user-controllable properties, enabling an attacker to inject a proto key and nested properties, which pollute the target object’s pro...
CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...
CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...
CVE-2024-34697
FreeScout (Email Receival Module) is affected by a stored HTML Injection in versions prior to 1.8.139. Unauthenticated attackers can inject HTML into received emails, enabling risks such as form hijacking, application defacement, or data exfiltration via CSS injection. The issue is addressed by u...
CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...
PT-2024-26115 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.139 Description: The issue arises from a Prototype Pollution vulnerability in the /public/js/main.js source file. This vulnerability occurs because the getQueryParam function recursively merges an object...
PT-2024-26114 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.139 Description: A stored HTML Injection issue has been identified in the Email Receival Module of the FreeScout Application. This issue allows attackers to inject malicious HTML content into emails sent to the...
CVE-2024-29184
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting XSS vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the...
CVE-2024-29185
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...
CVE-2024-29185 FreeScout OS Command Injection vulnerability
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...
CVE-2024-29185 FreeScout OS Command Injection vulnerability
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...
CVE-2024-29185 FreeScout OS Command Injection vulnerability
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...