3392 matches found

The Hacker News
added 2025/06/03 11:0 a.m., 14 views

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alon...

AI score 7.6
Exploits: 0

RedhatCVE
added 2025/06/01 6:35 a.m., 8 views

CVE-2025-48486

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and , allowing user input to be executed without proper filtering. This issue has...

CVSS 6.1, AI score 6.3, EPSS 0.00216
Exploits: 1, References: 1

RedhatCVE
added 2025/06/01 6:35 a.m., 12 views

CVE-2025-48487

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180...

CVSS 6, AI score 6, EPSS 0.00222
Exploits: 1, References: 1

RedhatCVE
added 2025/06/01 6:35 a.m., 6 views

CVE-2025-48488

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting XSS vulnerability. This issue has been patch...

CVSS 5.4, AI score 6, EPSS 0.00216
Exploits: 1, References: 1

RedhatCVE
added 2025/06/01 5:35 a.m., 9 views

CVE-2025-48482

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3, AI score 6.9, EPSS 0.00287
Exploits: 1, References: 1

RedhatCVE
added 2025/06/01 4:35 a.m., 8 views

CVE-2025-48477

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly...

CVSS 8.1, AI score 6.8, EPSS 0.0041
Exploits: 1, References: 1

RedhatCVE
added 2025/06/01 4:35 a.m., 9 views

CVE-2025-48479

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has been patched in version 1.8.180...

CVSS 8.5, AI score 6.8, EPSS 0.0027
Exploits: 1, References: 1

RedhatCVE
added 2025/05/31 4:38 p.m., 14 views

CVE-2025-48474

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have...

CVSS 8.1, AI score 7, EPSS 0.00406
Exploits: 1, References: 1

RedhatCVE
added 2025/05/31 3:52 p.m., 8 views

CVE-2025-48473

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...

CVSS 5.3, AI score 6.9, EPSS 0.00321
Exploits: 1, References: 1

OSV
added 2025/05/30 6:17 a.m., 8 views

CVE-2025-48486 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and , allowing user input to be executed without proper filtering. This issue has...

CVSS 6.1, AI score 6.1, EPSS 0.00216
Exploits: 1, References: 3

NVD
added 2025/05/30 5:15 a.m., 10 views

CVE-2025-48477

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly...

CVSS 8.1, EPSS 0.0041
Exploits: 1, References: 1

NVD
added 2025/05/30 5:15 a.m., 10 views

CVE-2025-48476

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

CVSS 8.8, EPSS 0.00448
Exploits: 1, References: 1

Cvelist
added 2025/05/30 4:35 a.m., 13 views

CVE-2025-48482 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3, EPSS 0.00287
Exploits: 1, References: 1

CVE
added 2025/05/30 4:35 a.m., 65 views

CVE-2025-48482

CVE-2025-48482 affects FreeScout (PHP/Laravel). The issue is a mass assignment vulnerability in the Customer object where the fill() method processes client-provided data (including fields like channel and channel_id), allowing unexpected values to be accepted. The vulnerability is fixed in versi...

CVSS 5.3, AI score 6.6, EPSS 0.00287
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2025/05/30 4:35 a.m., 20 views

CVE-2025-48481 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...

CVSS 6.1, EPSS 0.00452
Exploits: 1, References: 1

OSV
added 2025/05/30 4:34 a.m., 6 views

CVE-2025-48480 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERMEDITUSERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's...

CVSS 7, AI score 6.7, EPSS 0.0027
Exploits: 1, References: 3

Vulnrichment
added 2025/05/30 4:31 a.m., 9 views

CVE-2025-48477 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly...

CVSS 7.1, AI score 6.8, EPSS 0.0041
Exploits: 1, References: 1

Cvelist
added 2025/05/30 4:31 a.m., 13 views

CVE-2025-48477 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly...

CVSS 7.1, EPSS 0.0041
Exploits: 1, References: 1

NVD
added 2025/05/29 5:15 p.m., 16 views

CVE-2025-48475

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...

CVSS 8.1, EPSS 0.00345
Exploits: 1, References: 2

CVE
added 2025/05/29 3:55 p.m., 60 views

CVE-2025-48474

CVE-2025-48474 concerns FreeScout (prior to 1.8.180). The issue is improper access-rights checks for conversations, allowing users enabled with show_only_assigned_conversations to assign themselves to any accessible conversation and bypass viewing restrictions. The vulnerability is patched in ver...

CVSS 8.1, AI score 6.7, EPSS 0.00406
Exploits: 1, References: 2, Affected Software: 1