Lucene search
K

40 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41191

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

7.1CVSS5.5AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 7:52 p.m.12 views

CVE-2026-45294 FreeScout: User Account Enumeration via Password Reset Response Differentiation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:52 p.m.38 views

CVE-2026-45294 FreeScout: User Account Enumeration via Password Reset Response Differentiation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

5.3CVSS0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44995

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the PERM EDIT...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.9 views

CVE-2026-41902

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.9 views

CVE-2026-41903

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

5.4CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.7 views

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 6:3 p.m.33 views

CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

9.1CVSS0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 p.m.5 views

CVE-2026-41194

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as GET /mailbox/oauth-disconnect/id/inout/provider. It removes stored OAuth metadata from the mailbox and then redirects. Because it is a GET route, no CSRF...

5.4CVSS5.6AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 5:16 p.m.6 views

CVE-2026-40591

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

7.1CVSS0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 5:15 p.m.4 views

EUVD-2026-24223

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

9.1CVSS5.8AI score0.00392EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 5:6 p.m.3 views

CVE-2026-41190

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 5:4 p.m.3 views

CVE-2026-41189 FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 4:54 p.m.4 views

EUVD-2026-24187

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:48 p.m.4 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/21 4:8 p.m.4 views

EUVD-2026-24169

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS5.8AI score0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 4:8 p.m.18 views

CVE-2026-40568

Summary (CVE-2026-40568) : FreeScout prior to version 1.8.213 contains a stored XSS in the mailbox signature due to incomplete HTML sanitization in Helper::stripDangerousTags(). The sanitizer blocks only four tags (script, form, iframe, object) and misses event-handler attributes, allowing HTML e...

8.5CVSS5.8AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 3:1 p.m.10 views

EUVD-2026-24137

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3CVSS5.8AI score0.00571EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.13 views

PT-2026-34010

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetch test line 731, send test line 682, and imap...

4.1CVSS5.8AI score0.00291EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the MailboxesController::updateSave function, which...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder