← volver
CVE-2025-48488

FreeScout Vulnerable to Stored XSS

CVSS 4.6 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
30 may 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.180.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Productos afectados
freescout-help-desk · freescout

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2m76-538h-7hf9