Freescout-Helpdesk Freescout vulnerabilities
5 known vulnerabilities affecting freescout-helpdesk/freescout.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2024-29185 [CRITICAL] CWE-78 | P2 | CVSS 9.0 | fixed in 1.8.128 | 2024-03-22
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the ser
nvd
CVE-2024-28186 [HIGH] CWE-532 | P3 | CVSS 7.1 | fixed in 1.8.124 | 2024-03-12
FreeScout is an open source help desk and shared inbox built with PHP.
A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The s
nvd
CVE-2024-29184 [HIGH] CWE-79 | P3 | CVSS 8.0 | fixed in 1.8.128 | 2024-03-22
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts t
nvd
CVE-2024-34698 [MEDIUM] CWE-1321 | P3 | CVSS 6.3 | fixed in 1.8.139 | 2024-05-14
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` Function recursively merges an object containing user-controllable properties into an existing object (F
nvd
CVE-2024-34697 [MEDIUM] CWE-74 | P4 | CVSS 6.1 | fixed in 1.8.139 | 2024-05-14
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. This vulnerability arises from improper handling of HTML
nvd