Vulnerabilities in freescout-help-desk

65 results
CVE-2026-41183 | MEDIUM | FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations | EPSS 0.2%
CVE-2026-41189 | HIGH | FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads | EPSS 0.2%
CVE-2025-48487 | MEDIUM | FreeScout Vulnerable to Stored XSS | EPSS 0.2%
CVE-2026-34442 | MEDIUM | FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout | EPSS 0.2%
CVE-2025-48484 | MEDIUM | FreeScout Vulnerable to Stored XSS | EPSS 0.2%
CVE-2025-48486 | MEDIUM | FreeScout Vulnerable to Stored XSS | EPSS 0.2%
CVE-2025-48488 | MEDIUM | FreeScout Vulnerable to Stored XSS | EPSS 0.2%
CVE-2025-48485 | MEDIUM | FreeScout Vulnerable to Stored XSS | EPSS 0.2%
CVE-2025-48875 | MEDIUM | FreeScout Vulnerable to Stored XSS | EPSS 0.2%
CVE-2026-40590 | MEDIUM | FreeScout's Customer AJAX Create Modifies Hidden Existing Customer | EPSS 0.2%
CVE-2026-41190 | HIGH | FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection | EPSS 0.2%
CVE-2026-40591 | HIGH | FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Customer Modification | EPSS 0.2%
CVE-2026-41191 | HIGH | FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes | EPSS 0.2%
CVE-2026-45294 | MEDIUM | FreeScout: User Account Enumeration via Password Reset Response Differentiation | EPSS 0.2%
CVE-2026-41905 | HIGH | FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access | EPSS 0.2%
CVE-2026-32753 | HIGH | FreeScout: Stored XSS through SVG file upload with filter bypass | EPSS 0.2%
CVE-2026-40565 | MEDIUM | FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href | EPSS 0.2%
CVE-2025-48489 | MEDIUM | FreeScout Vulnerable to Stored XSS | EPSS 0.2%
CVE-2026-41904 | HIGH | FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content | EPSS 0.2%
CVE-2026-41906 | HIGH | FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass | EPSS 0.2%