4 matches found
CVE-2026-41191
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...
CVE-2026-41191 FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...
CVE-2026-41191 FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...
CVE-2026-41191
FreeScout vulnerability detail: before 1.8.215, MailboxesController::updateSave() persists chat_start_new outside the allowed-field filter. A user with only the mailbox sig permission can alter the hidden mailbox-wide chat setting via direct POST, despite UI restricting to the signature field. Ve...