CVE-2024-34698

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

FreeScout 注入漏洞

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework. An injection vulnerability exists in versions prior to FreeScout 1.8.139 that stems from the presence of HTML injection, allowing an attacker to inject malicious HTML conte...

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

CVE-2024-34697

FreeScout (Email Receival Module) is affected by a stored HTML Injection in versions prior to 1.8.139. Unauthenticated attackers can inject HTML into received emails, enabling risks such as form hijacking, application defacement, or data exfiltration via CSS injection. The issue is addressed by u...

CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

PT-2024-26114 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.139 Description: A stored HTML Injection issue has been identified in the Email Receival Module of the FreeScout Application. This issue allows attackers to inject malicious HTML content into emails sent to the...