CVE-2025-48487: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in freescout-help-desk freescout
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180.
AI Analysis
Technical Summary
CVE-2025-48487 is a cross-site scripting (XSS) vulnerability identified in FreeScout, a free self-hosted help desk and shared mailbox software. The vulnerability exists in versions prior to 1.8.180. Specifically, the flaw arises when creating translations of phrases that appear in flash messages after completed actions. Improper neutralization of input during web page generation allows an attacker to inject malicious scripts into these flash messages. When a user views the affected flash message, the injected script executes in the context of the user's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 4.0 base score is 6.0 (medium severity), reflecting network attack vector, low attack complexity, no privileges required but user interaction needed, and high scope impact due to the vulnerability affecting components beyond the initially vulnerable code. No known exploits are currently reported in the wild, and the issue has been patched in version 1.8.180 of FreeScout. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS attacks. This vulnerability is particularly relevant for organizations self-hosting FreeScout instances, as it can be exploited remotely via crafted inputs in translation phrases, potentially compromising user sessions and data confidentiality.
Potential Impact
For European organizations using FreeScout for help desk and mailbox management, this vulnerability poses a risk of unauthorized script execution within the context of authenticated users. Successful exploitation could lead to theft of session cookies, enabling attackers to impersonate users, access sensitive support tickets, or manipulate help desk workflows. This could result in data breaches involving customer information, internal communications, or confidential support data. The impact on integrity and confidentiality is significant, especially in sectors handling sensitive personal or corporate data, such as finance, healthcare, and government agencies. Additionally, the availability of the help desk service could be indirectly affected if attackers leverage the vulnerability to disrupt operations or escalate privileges. Given the medium severity and requirement for user interaction, the threat is moderate but should not be underestimated, particularly in environments with high user trust and sensitive data.
Mitigation Recommendations
European organizations should immediately upgrade FreeScout installations to version 1.8.180 or later, where the vulnerability is patched. Until upgrading, administrators should restrict access to translation management interfaces to trusted personnel only and implement strict input validation and sanitization on any user-supplied content related to translations or flash messages. Employing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting script execution sources. Regularly audit and monitor logs for unusual activities related to flash message generation or translation inputs. Additionally, educate users about the risks of interacting with unexpected or suspicious flash messages. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block common XSS payloads targeting FreeScout. Finally, implement multi-factor authentication (MFA) for user accounts to reduce the risk of session hijacking consequences.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
CVE-2025-48487: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in freescout-help-desk freescout
Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180.
AI-Powered Analysis
Technical Analysis
CVE-2025-48487 is a cross-site scripting (XSS) vulnerability identified in FreeScout, a free self-hosted help desk and shared mailbox software. The vulnerability exists in versions prior to 1.8.180. Specifically, the flaw arises when creating translations of phrases that appear in flash messages after completed actions. Improper neutralization of input during web page generation allows an attacker to inject malicious scripts into these flash messages. When a user views the affected flash message, the injected script executes in the context of the user's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 4.0 base score is 6.0 (medium severity), reflecting network attack vector, low attack complexity, no privileges required but user interaction needed, and high scope impact due to the vulnerability affecting components beyond the initially vulnerable code. No known exploits are currently reported in the wild, and the issue has been patched in version 1.8.180 of FreeScout. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS attacks. This vulnerability is particularly relevant for organizations self-hosting FreeScout instances, as it can be exploited remotely via crafted inputs in translation phrases, potentially compromising user sessions and data confidentiality.
Potential Impact
For European organizations using FreeScout for help desk and mailbox management, this vulnerability poses a risk of unauthorized script execution within the context of authenticated users. Successful exploitation could lead to theft of session cookies, enabling attackers to impersonate users, access sensitive support tickets, or manipulate help desk workflows. This could result in data breaches involving customer information, internal communications, or confidential support data. The impact on integrity and confidentiality is significant, especially in sectors handling sensitive personal or corporate data, such as finance, healthcare, and government agencies. Additionally, the availability of the help desk service could be indirectly affected if attackers leverage the vulnerability to disrupt operations or escalate privileges. Given the medium severity and requirement for user interaction, the threat is moderate but should not be underestimated, particularly in environments with high user trust and sensitive data.
Mitigation Recommendations
European organizations should immediately upgrade FreeScout installations to version 1.8.180 or later, where the vulnerability is patched. Until upgrading, administrators should restrict access to translation management interfaces to trusted personnel only and implement strict input validation and sanitization on any user-supplied content related to translations or flash messages. Employing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting script execution sources. Regularly audit and monitor logs for unusual activities related to flash message generation or translation inputs. Additionally, educate users about the risks of interacting with unexpected or suspicious flash messages. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block common XSS payloads targeting FreeScout. Finally, implement multi-factor authentication (MFA) for user accounts to reduce the risk of session hijacking consequences.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-05-22T12:11:39.119Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68395033182aa0cae2a25ee6
Added to database: 5/30/2025, 6:29:07 AM
Last enriched: 7/7/2025, 9:10:24 PM
Last updated: 8/17/2025, 11:44:50 AM
Views: 11
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.