CVE-2025-48489 – FreeScout Cross-Site Scripting (XSS) Vulnerability

May 30, 2025

CVE ID : CVE-2025-48489

Published : May 30, 2025, 7:15 a.m. | 2 hours, 21 minutes ago

Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48486 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Next Article CVE-2025-48488 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-48369 – Group-Office Cross-Site Scripting (XSS) Vulnerability in Tasks Comment Functionality

May 22, 2025

CVE ID : CVE-2025-48369

Published : May 22, 2025, 6:15 p.m. | 36 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice’s tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an file with a crafted filename. When administrators or other users view the task containing this malicious file, the payload executes in their browser context. The application fails to sanitize image filenames before rendering them in the comment. By uploading an image with a crafted filename containing XSS payloads, attackers can steal sensitive information. Versions 6.8.119 and 25.0.20 contain a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-48489 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Your Brother printer might have a critical security flaw – how to check and what to do next

CVE-2024-24780 – Apache IoTDB Untrusted URI Remote Code Execution Vulnerability

CVE-2025-51656 – SemCms SQL Injection

What Zen And The Art Of Motorcycle Maintenance Can Teach Us About Web Design

CVE-2025-48369 – Group-Office Cross-Site Scripting (XSS) Vulnerability in Tasks Comment Functionality

Team Group’s New P250Q SSD Can Erase Itself, Built for Military and Industrial Use

Trump Org Launches T1 Mobile with $47 Plan and $499 Gold “T1 Phone”

New Okta Platform innovations extend Identity Security Fabric to non-human identities in an agentic AI future

CVE-2025-48489 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Related Posts