Browse all 6 CVE security advisories affecting freescout-helpdesk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FreeScout-helpdesk serves as an open-source help desk and ticketing system for managing customer communications. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The application's exposure to web-based threats has led to multiple CVEs, with some instances allowing attackers to execute arbitrary code or compromise administrative accounts. While no major public security incidents have been widely documented, its frequent updates suggest ongoing security maintenance. Users should prioritize timely patching given the recurring discovery of critical flaws in its web interface and integration components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-34698 | Prototype Pollution in getQueryParam Function (URL Query Parser) — freescoutCWE-1321 | 4.6 | Medium | 2024-05-13 |
| CVE-2024-34697 | Freescout vulnerable to Stored HTML Injection in Editing Received Emails — freescoutCWE-74 | 7.6 | High | 2024-05-13 |
| CVE-2024-29185 | FreeScout OS Command Injection vulnerability — freescoutCWE-78 | 9.1 | Critical | 2024-03-22 |
| CVE-2024-29184 | FreeScout Stored XSS to Privilege Escalation After CSP Bypass — freescoutCWE-79 | 8.0 | High | 2024-03-22 |
| CVE-2024-28186 | SMTP Mail Credentials Disclosed in Error Log in freescout — freescoutCWE-532 | 7.1 | High | 2024-03-12 |
| CVE-2024-1932 | Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout — freescout-helpdesk/freescoutCWE-434 | 8.8 | - | 2024-02-28 |
This page lists every published CVE security advisory associated with freescout-helpdesk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.