PT-2025-52: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed b...

PT-2025-46: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...

PT-2025-57: Stored XSS leads to CSRF in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store an XSS payload that later triggers forged requests on behalf of the victim CSRF, broadening the impact of the attack. Vulnerability status: Confirmed by vendor...

PT-2025-56: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to skip a required workflow step and still obtain the functional capability. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 23.05.2025...

PT-2025-62: Stored Cross-site scripting in FreeScout

The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that is later executed in other users’ browsers due to insufficient input validation and sanitization. Vulnerability status:...

PT-2025-55: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to skip a required workflow step and still obtain the functional capability. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 23.05.2025...

PT-2025-42: Insufficient Protection Against CRLF-injection in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to inject special characters into string‑formatting functions because user input is not properly validated, leading to CRLF‑injection attacks. Vulnerability status:...

PT-2025-44: Remote Code Execution (RCE) in FreeScout

The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to execute arbitrary code on the server because input validation is insufficient; the attacker can upload a command‑line interpreter and gain full system control...

PT-2025-58: Stored Cross-site scripting in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that is later executed in other users’ browsers due to insufficient input validation and sanitization. Vulnerability status:...