Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS5.4AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 5:16 p.m.7 views

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 4:8 p.m.4 views

CVE-2026-40568 FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS5.8AI score0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:8 p.m.6 views

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS5.8AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/21 1:45 a.m.13 views

CVE-2026-40497

Summary (concrete details available) : FreeScout prior to version 1.8.213 is vulnerable to CSS injection in the mailbox signature due to incomplete stripping of dangerous tags: stripDangerousTags() removes script/form/iframe/object but not style, allowing inline CSS to exfiltrate CSRF tokens. An ...

8.1CVSS5.9AI score0.00243EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder