Cross-Site Scripting Vulnerability in FreeScout Help Desk
CVE-2025-48484

4.6MEDIUM

Key Information:

Vendor

Freescout-help-desk

Status
Freescout
Vendor
CVE Published:
30 May 2025

What is CVE-2025-48484?

FreeScout, a self-hosted help desk and shared mailbox application, is susceptible to Cross-Site Scripting (XSS) attacks. The vulnerability arises from inadequate input validation and improper sanitization of user-submitted data in the conversation POST data body. Attackers could exploit this flaw to inject malicious scripts into the application, potentially compromising user data and session integrity. This issue has been addressed in version 1.8.178 of FreeScout, highlighting the importance of regularly updating software to maintain robust security.

Affected Version(s)

freescout < 1.8.178

References

https://github.com/freescout-help-desk/freescout/security...
x_refsource_CONFIRM

CVSS V4

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-48484 : Cross-Site Scripting Vulnerability in FreeScout Help Desk