freescout-help-desk — Vulnerabilities & Security Advisories 61

Browse all 61 CVE security advisories affecting freescout-help-desk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FreeScout is an open-source, self-hosted help desk application designed to manage customer support tickets via email, serving as a cost-effective alternative to commercial platforms. Despite its utility, the software has a significant security history, with 56 Common Vulnerabilities and Exposures (CVEs) currently recorded. These vulnerabilities predominantly involve cross-site scripting (XSS), SQL injection, and remote code execution (RCE), often stemming from insufficient input validation and improper access controls. Several incidents highlight critical privilege escalation flaws that allow unauthenticated users to gain administrative access or execute arbitrary commands on the host system. The high volume of disclosed CVEs indicates persistent maintenance challenges regarding code quality and security auditing. Organizations deploying FreeScout must prioritize rigorous patch management and network segmentation to mitigate these known risks, as the application’s architecture has repeatedly demonstrated susceptibility to standard web application attacks.

Top products by freescout-help-desk: freescout
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32753 | FreeScout: Stored XSS through SVG file upload with filter bypass | freescout | CWE-80 | 6.1 | - | 2026-03-19 |
| CVE-2026-32752 | FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages | freescout | CWE-284 | - | - | 2026-03-19 |
| CVE-2026-28289 | FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution | freescout | CWE-434 | 10.0 | Critical | 2026-03-03 |
| CVE-2026-27636 | FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache | freescout | CWE-434 | 8.8 | High | 2026-02-25 |
| CVE-2026-27637 | FreeScout's Predictable Authentication Token Enables Account Takeover | freescout | CWE-330 | 9.8 | Critical | 2026-02-25 |
| CVE-2025-58163 | FreeScout's deserialization of untrusted data can lead to Remote Code Execution | freescout | CWE-502 | 7.5 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-54366 | FreeScout's deserialization of untrusted data leads to Remote Code Execution | freescout | CWE-502 | 8.8 | - | 2025-07-26 |
| CVE-2025-48488 | FreeScout Vulnerable to Stored XSS | freescout | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48880 | FreeScout has Race Condition When Deleting Users | freescout | CWE-362 | 4.2 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48875 | FreeScout Vulnerable to Stored XSS | freescout | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48489 | FreeScout Vulnerable to Stored XSS | freescout | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48487 | FreeScout Vulnerable to Stored XSS | freescout | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48486 | FreeScout Vulnerable to Stored XSS | freescout | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48485 | FreeScout Vulnerable to Stored XSS | freescout | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48484 | FreeScout Vulnerable to Stored XSS | freescout | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48483 | FreeScout Stored XSS leads to CSRF | freescout | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48482 | FreeScout Has Business Logic Errors | freescout | CWE-841 | 4.3 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48481 | FreeScout Has Business Logic Errors | freescout | CWE-841 | 8.2 (AI) | High (AI) | 2025-05-30 |
| CVE-2025-48480 | FreeScout Has Business Logic Errors | freescout | CWE-841 | 6.5 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48479 | FreeScout Has Business Logic Errors | freescout | CWE-841 | 6.5 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48478 | FreeScout Has Business Logic Errors | freescout | CWE-841 | 7.5 (AI) | High (AI) | 2025-05-30 |
| CVE-2025-48477 | FreeScout Has Business Logic Errors | freescout | CWE-841 | 4.3 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48476 | FreeScout Has Business Logic Errors | freescout | CWE-841 | 8.8 (AI) | High (AI) | 2025-05-30 |
| CVE-2025-48475 | FreeScout Vulnerable to Insufficient Authorization | freescout | CWE-863 | 5.4 (AI) | Medium (AI) | 2025-05-29 |
| CVE-2025-48474 | FreeScout Vulnerable to Insufficient Authorization | freescout | CWE-863 | 4.3 (AI) | Medium (AI) | 2025-05-29 |
| CVE-2025-48473 | FreeScout Vulnerable to Insufficient Authorization | freescout | CWE-863 | 3.5 (AI) | Low (AI) | 2025-05-29 |
| CVE-2025-48472 | FreeScout Vulnerable to Insufficient Authorization | freescout | CWE-863 | 7.1 (AI) | High (AI) | 2025-05-29 |
| CVE-2025-48471 | FreeScout Vulnerable to Arbitrary File Upload | freescout | CWE-434 | 8.8 (AI) | High (AI) | 2025-05-29 |
| CVE-2025-48390 | FreeScout Vulnerable to Remote Code Execution (RCE) | freescout | CWE-94 | 7.2 (AI) | High (AI) | 2025-05-29 |
| CVE-2025-48389 | FreeScout Vulnerable to Deserialization of Untrusted Data | freescout | CWE-502 | 8.8 (AI) | High (AI) | 2025-05-29 |

This page lists every published CVE security advisory associated with freescout-help-desk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.