Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/04/21 4:6 p.m.31 views

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS0.00242EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 4:6 p.m.3 views

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS5.9AI score0.00242EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 4:6 p.m.4 views

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS6AI score0.00242EPSS
Exploits0References5
CVE
CVE
added 2026/04/21 4:6 p.m.12 views

CVE-2026-40567

FreeScout (self-hosted help desk) contains an HTML injection vulnerability in outgoing emails prior to v1.8.213. An unauthenticated attacker can craft the From display name in an email; the name is stored in the database without sanitization and rendered unescaped in outgoing replies via the {%cu...

5.8CVSS5.9AI score0.00242EPSS
Exploits0References3
Rows per page
Query Builder