CVE-2025-48486 – FreeScout Cross-Site Scripting (XSS) Vulnerability

May 30, 2025

CVE ID : CVE-2025-48486

Published : May 30, 2025, 7:15 a.m. | 2 hours, 21 minutes ago

Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripiting (XSS) vulnerability is caused by the lack of input validation and sanitization in both Session::flash and __, allowing user input to be executed without proper filtering. This issue has been patched in version 1.8.180.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48865 – Fabio HTTP Hop-by-Hop Header Manipulation Vulnerability

Next Article CVE-2025-48489 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-7410 – Code-projects LifeStyle Store SQL Injection Vulnerability

July 10, 2025

CVE ID : CVE-2025-7410

Published : July 10, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : A vulnerability was found in code-projects LifeStyle Store 1.0. It has been classified as critical. Affected is an unknown function of the file /cart_remove.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

Report: Samsung’s tri-fold phone, XR headset, and AI smart glasses to be revealed at Sep 29 Unpacked event

Are smart glasses with built-in hearing aids viable? My verdict after months of testing

These 7 smart plug hacks that saved me time, money, and energy (and how I set them up)

Amazon will sell you the iPhone 16 Pro for $250 off right now – how the deal works

Fake News Detection using Python Machine Learning (ML)

Fake News Detection using Python Machine Learning (ML)

Common FP – A New JS Utility Lib

Call for Speakers – JS Conf Armenia 2025

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Fox Sports not Working: 7 Quick Fixes to Stream Again

Capital One Zelle not Working: 7 Fast Fixes

CVE-2025-48486 – FreeScout Cross-Site Scripting (XSS) Vulnerability

CVE-2024-32832 – Hamid Alinia Login with Phone Number Missing Authorization

CVE-2025-31100 – Mojoomla School Management Unrestricted File Upload Vulnerability

Apache Tomcat Security Update Fixes DoS and Rewrite Rule Bypass Flaws

CVE-2025-3396 – GitLab EE API Request Forgery Vulnerability

Building Interactive 3D Cards in Webflow with Three.js

6 Best Free and Open Source Econometric Software

CVE-2025-7410 – Code-projects LifeStyle Store SQL Injection Vulnerability

CVE-2025-23269 – NVIDIA Jetson Linux Microarchitectural Predictor State Information Disclosure

CVE-2023-28906 – Skoda MIB3 Infotainment Command Injection Vulnerability

CVE-2025-4262 – “PHPGurukul Online DJ Booking Management System SQL Injection Vulnerability”

CVE-2025-48486 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Related Posts