Security Vulnerabilities
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-30
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer. This issue has been patched in version 1.8.180.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-30
An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user.
CVSS Score
6.7
EPSS Score
0.001
Published
2025-05-30
The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-05-30
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill() method, which processes fields such as channel and channel_id. However, the fill() method is called with all client-provided data, including unexpected values for channel and channel_id, leading to a mass assignment vulnerability. This issue has been patched in version 1.8.180.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-30
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Additionally, if an administrator accesses one of these emails with a modified signature, it could result in a subsequent Cross-Site Request Forgery (CSRF) vulnerability. This issue has been patched in version 1.8.180.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-30
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in version 1.8.178.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-30
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-05-30
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array (the User object), when creating a new user. This issue has been patched in version 1.8.180.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-05-30
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has been patched in version 1.8.180.
CVSS Score
2.7
EPSS Score
0.0
Published
2025-05-30