Freescout

Freescout

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2026-39384

Exploit
  • EPSS 0.24%
  • Veröffentlicht 07.04.2026 16:05:16
  • Zuletzt bearbeitet 24.04.2026 18:03:02

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212.

6.1

CVE-2026-34442

Exploit
  • EPSS 0.22%
  • Veröffentlicht 31.03.2026 21:28:19
  • Zuletzt bearbeitet 01.04.2026 19:49:03

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into gen...

5.3

CVE-2026-34443

Exploit
  • EPSS 0.28%
  • Veröffentlicht 31.03.2026 21:28:16
  • Zuletzt bearbeitet 13.04.2026 15:14:59

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the functio...

9.3

CVE-2026-32754

Exploit
  • EPSS 0.53%
  • Veröffentlicht 19.03.2026 21:35:17
  • Zuletzt bearbeitet 23.03.2026 19:14:38

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in th...

5.4

CVE-2026-32753

Exploit
  • EPSS 0.21%
  • Veröffentlicht 19.03.2026 21:26:09
  • Zuletzt bearbeitet 23.03.2026 19:25:21

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An ...

8.1

CVE-2026-32752

Exploit
  • EPSS 0.28%
  • Veröffentlicht 19.03.2026 21:21:54
  • Zuletzt bearbeitet 23.03.2026 19:30:28

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken access control vulnerability that allows any authenticated user (regardless of role or...

8.1

CVE-2026-28289

Medienbericht Exploit
  • EPSS 31.14%
  • Veröffentlicht 03.03.2026 22:59:08
  • Zuletzt bearbeitet 11.03.2026 19:29:44

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Exec...

9.8

CVE-2026-27637

Exploit
  • EPSS 0.67%
  • Veröffentlicht 25.02.2026 04:16:04
  • Zuletzt bearbeitet 26.02.2026 16:08:44

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's `TokenAuth` middleware uses a predictable authentication token computed as `MD5(user_id + created_at + APP_KEY)`. This token is s...

8.8

CVE-2026-27636

Medienbericht Exploit
  • EPSS 2.12%
  • Veröffentlicht 25.02.2026 04:16:03
  • Zuletzt bearbeitet 26.02.2026 16:07:11

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `...

8.8

CVE-2025-58163

Exploit
  • EPSS 0.67%
  • Veröffentlicht 03.09.2025 01:34:16
  • Zuletzt bearbeitet 08.09.2025 15:03:47

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY ...