8 matches found

RedhatCVE
added 2025/06/01 4:35 a.m., 6 views

CVE-2025-48477

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly...

CVSS 8.1, AI score 6.8, EPSS 0.00107
Exploits: 1, References: 1

RedhatCVE
added 2025/06/01 4:35 a.m., 6 views

CVE-2025-48480

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERMEDITUSERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's...

CVSS 7, AI score 7, EPSS 0.00113
Exploits: 1, References: 1

NVD
added 2025/05/30 7:15 a.m., 8 views

CVE-2025-48486

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and , allowing user input to be executed without proper filtering. This issue has...

CVSS 6.1, EPSS 0.00153
Exploits: 1, References: 1

Vulnrichment
added 2025/05/30 6:18 a.m., 5 views

CVE-2025-48489 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...

CVSS 4.6, AI score 5.7, EPSS 0.0014
Exploits: 1, References: 1

CVE
added 2025/05/30 6:17 a.m., 47 views

CVE-2025-48487

CVE-2025-48487 pertains to FreeScout, a self-hosted help desk. The issue is a Cross‑Site Scripting (XSS) vulnerability that occurs when translating a phrase shown in a flash-message after an action, allowing injection of a payload. Root cause: insufficient sanitization of translation payloads in ...

CVSS 6, AI score 5.8, EPSS 0.00181
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2025/05/30 4:34 a.m., 1 view

CVE-2025-48480 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERMEDITUSERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's...

CVSS 7, AI score 6.7, EPSS 0.00113
Exploits: 1, References: 3

CVE
added 2025/05/30 4:30 a.m., 44 views

CVE-2025-48476

CVE-2025-48476 affects FreeScout (Laravel-based open source help desk). Root cause: when adding/editing user records via the fill() method, missing validation for the absence of the password field allows mass-assignment, enabling a user with edit rights to change another user’s password and then ...

CVSS 8.8, AI score 6.8, EPSS 0.00144
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2025/05/29 3:55 p.m., 48 views

CVE-2025-48474

CVE-2025-48474 concerns FreeScout (prior to 1.8.180). The issue is improper access-rights checks for conversations, allowing users enabled with show_only_assigned_conversations to assign themselves to any accessible conversation and bypass viewing restrictions. The vulnerability is patched in ver...

CVSS 8.1, AI score 6.7, EPSS 0.00224
Exploits: 1, References: 2, Affected Software: 1