PT-2025-64: Stored Cross-site scripting in FreeScout

The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that is later executed in other users’ browsers due to insufficient input validation and sanitization. Vulnerability status:...

PT-2025-53: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed b...

PT-2025-59: Stored Cross-site scripting in FreeScout

The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that is later executed in other users’ browsers due to insufficient input validation and sanitization. Vulnerability status:...

PT-2025-45: Arbitrary file upload in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to upload arbitrary including executable files containing malicious code because the application does not perform sufficient validation of uploaded files. Vulnerability...

PT-2025-50: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...

PT-2025-60: Stored Cross-site scripting in FreeScout

The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that is later executed in other users’ browsers due to insufficient input validation and sanitization. Vulnerability status:...

PT-2025-43: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to execute arbitrary code on the server because the application performs insufficient validation of user‑supplied data during deserialization. Vulnerability status:...