CVE-2025-48880 |
Description: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is deleting a user, there is the possibility of a race condition occurring. This issue has been patched in version 1.8.181.
CVSS: MEDIUM (6.6) EPSS Score: 0.05%
May 30th, 2025 (18 days ago)
|
CVE-2025-48875 |
Description: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.181.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 30th, 2025 (18 days ago)
|
CVE-2025-48489 |
Description: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 30th, 2025 (18 days ago)
|
CVE-2025-48488 |
Description: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.180.
CVSS: MEDIUM (4.6) EPSS Score: 0.03%
May 30th, 2025 (18 days ago)
|
CVE-2025-48487 |
Description: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit an XSS vulnerability. This issue has been patched in version 1.8.180.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 30th, 2025 (18 days ago)
|
CVE-2025-48486 |
Description: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and __, allowing user input to be executed without proper filtering. This issue has been patched in version 1.8.180.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 30th, 2025 (18 days ago)
|
CVE-2025-48485 |
Description: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer. This issue has been patched in version 1.8.180.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 30th, 2025 (18 days ago)
|
CVE-2025-47697 |
Description: Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
May 30th, 2025 (18 days ago)
|
CVE-2025-41406 |
Description: Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 30th, 2025 (18 days ago)
|
CVE-2025-41385 |
Description: An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user.
CVSS: MEDIUM (6.7) EPSS Score: 0.13%
May 30th, 2025 (18 days ago)
|