FreeScout Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in FreeScout versions prior to 1.8.180. The issue arises from inadequate input validation and sanitization: user input is stored and later rendered without proper filtering, so the browser executes it. An authorized user can inject arbitrary HTML or JavaScript into the application, potentially leading to the theft of sensitive data, hijacking of user sessions, or other malicious activities.

Impact

Exploitation of this vulnerability results in stored cross-site scripting: the injected script is executed in the context of the user whose browser renders it.

Remediation

Users are advised to update FreeScout to version 1.8.180 or later. For general guidance on preventing cross-site scripting vulnerabilities, refer to the OWASP Cross-Site Scripting Prevention Cheat Sheet.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 1.7
exploitability: 6.5
remediation: 7.7
relevance: 0.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.