Lucene search
K

683 matches found

Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.6 views

PT-2024-14501 · Unknown · Freescout End-User Portal

Name of the Vulnerable Software and Affected Versions: FreeScout End-User Portal module versions prior to 1.0.65 Description: The issue allows an attacker to authenticate as an arbitrary user because a session token can be sent to the "/auth" endpoint. Recommendations: For versions prior to 1.0.6...

9.1CVSS7AI score0.00609EPSS
Exploits1References8
NVD
NVD
added 2024/05/14 3:39 p.m.10 views

CVE-2024-34698

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

6.3CVSS4.8AI score0.00461EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 3:39 p.m.21 views

CVE-2024-34697

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

7.6CVSS7.8AI score0.00575EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

FreeScout 注入漏洞

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework. An injection vulnerability exists in versions prior to FreeScout 1.8.139 that stems from the presence of HTML injection, allowing an attacker to inject malicious HTML conte...

7.6CVSS7AI score0.00575EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.8 views

FreeScout 安全漏洞

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework. A security vulnerability exists in FreeScout versions prior to 1.8.139 that stems from the presence of prototype contamination...

6.3CVSS6.7AI score0.00461EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/05/13 3:50 p.m.21 views

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

4.6CVSS5.1AI score0.00461EPSS
Exploits1References2
OSV
OSV
added 2024/05/13 3:50 p.m.34 views

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

4.6CVSS6.7AI score0.00461EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/05/13 3:50 p.m.16 views

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

4.6CVSS6.8AI score0.00461EPSS
Exploits1References2
CVE
CVE
added 2024/05/13 3:50 p.m.51 views

CVE-2024-34698

FreeScout versions prior to 1.8.139 are affected by a Prototype Pollution flaw in the getQueryParam function in /public/js/main.js. The function recursively merges user-controllable properties, enabling an attacker to inject a proto key and nested properties, which pollute the target object’s pro...

6.3CVSS6.7AI score0.00461EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/13 3:45 p.m.12 views

CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

7.6CVSS7.2AI score0.00575EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/13 3:45 p.m.50 views

CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

7.6CVSS7.9AI score0.00575EPSS
Exploits1References2
CVE
CVE
added 2024/05/13 3:45 p.m.48 views

CVE-2024-34697

FreeScout (Email Receival Module) is affected by a stored HTML Injection in versions prior to 1.8.139. Unauthenticated attackers can inject HTML into received emails, enabling risks such as form hijacking, application defacement, or data exfiltration via CSS injection. The issue is addressed by u...

7.6CVSS7.2AI score0.00575EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/05/13 3:45 p.m.25 views

CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

7.6CVSS7AI score0.00575EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-26115 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.139 Description: The issue arises from a Prototype Pollution vulnerability in the /public/js/main.js source file. This vulnerability occurs because the getQueryParam function recursively merges an object...

6.3CVSS6.8AI score0.00461EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.7 views

PT-2024-26114 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.139 Description: A stored HTML Injection issue has been identified in the Email Receival Module of the FreeScout Application. This issue allows attackers to inject malicious HTML content into emails sent to the...

7.6CVSS7.6AI score0.00575EPSS
Exploits1References5
NVD
NVD
added 2024/03/22 5:15 p.m.14 views

CVE-2024-29184

FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting XSS vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the...

8CVSS7.2AI score0.00861EPSS
Exploits1References1
NVD
NVD
added 2024/03/22 5:15 p.m.10 views

CVE-2024-29185

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...

9CVSS9.6AI score0.01731EPSS
Exploits1References1
OSV
OSV
added 2024/03/22 5:3 p.m.5 views

CVE-2024-29185 FreeScout OS Command Injection vulnerability

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...

9CVSS8.1AI score0.01731EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/22 5:3 p.m.20 views

CVE-2024-29185 FreeScout OS Command Injection vulnerability

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...

9CVSS9.8AI score0.01731EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/03/22 5:3 p.m.16 views

CVE-2024-29185 FreeScout OS Command Injection vulnerability

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...

9CVSS8AI score0.01731EPSS
Exploits1References1
Rows per page
Query Builder