Vulnerabilities in freescout-help-desk
65 results

CVE-2025-48388 | HIGH | FreeScout Has Insufficient Protection Against CRLF-injection | EPSS 0.3%
CVE-2025-48473 | MEDIUM | FreeScout Vulnerable to Insufficient Authorization | EPSS 0.3%
CVE-2026-35584 | MEDIUM | FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration | EPSS 0.3%
CVE-2026-40569 | CRITICAL | FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration | EPSS 0.3%
CVE-2026-40566 | MEDIUM | FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints | EPSS 0.3%
CVE-2025-48482 | MEDIUM | FreeScout Has Business Logic Errors | EPSS 0.3%
CVE-2026-32752 | NONE | FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages | EPSS 0.3%
CVE-2026-34443 | MEDIUM | FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask() | EPSS 0.3%
CVE-2025-48479 | HIGH | FreeScout Has Business Logic Errors | EPSS 0.3%
CVE-2025-48480 | HIGH | FreeScout Has Business Logic Errors | EPSS 0.3%
CVE-2026-41903 | MEDIUM | FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472) | EPSS 0.3%
CVE-2026-40570 | MEDIUM | FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII | EPSS 0.2%
CVE-2026-41902 | CRITICAL | FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks | EPSS 0.2%
CVE-2026-40497 | HIGH | FreeScout Vulnerable to CSS Injection via Stored Style Tag in Mailbox Signature (CSRF Token Exfiltration) | EPSS 0.2%
CVE-2026-40567 | MEDIUM | FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables | EPSS 0.2%
CVE-2026-40592 | MEDIUM | FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply | EPSS 0.2%
CVE-2026-40568 | HIGH | FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization | EPSS 0.2%
CVE-2026-41192 | HIGH | FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments | EPSS 0.2%
CVE-2026-40589 | HIGH | FreeScout has Customer Edit Cross-Mailbox Email Takeover | EPSS 0.2%
CVE-2026-39384 | HIGH | FreeScout Customer Merge Cross-Mailbox Authorization Bypass | EPSS 0.2%