CVE-2025-48875 – FreeScout Cross-Site Scripting (XSS) Vulnerability

May 30, 2025

CVE ID : CVE-2025-48875

Published : May 30, 2025, 7:15 a.m. | 2 hours, 21 minutes ago

Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system’s incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.181.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4943 – LA-Studio Element Kit for Elementor Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-48880 – FreeScout Race Condition Vulnerability

Highlights

CVE-2025-46571 – Open WebUI Unauthenticated JavaScript File Upload to Admin RCE

May 5, 2025

CVE ID : CVE-2025-46571

Published : May 5, 2025, 7:15 p.m. | 18 minutes ago

Description : Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user’s browser. Under the default settings, files uploaded by low-privileged users can only be viewed by admins or themselves, limiting the impact of this vulnerability. A link to such a file can be sent to an admin, and if clicked, will give the low-privileged user complete control over the admin’s account, ultimately enabling RCE via functions. Version 0.6.6 contains a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-48875 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

GitHub Enterprise Server Vulnerabilities Expose Risk of Code Execution and Data Leaks

Windows 10 KB5060533 adds Bing feature to Calendar UI on taskbar

Why Windows Users Should Care About VPNs in 2025

8 most exciting AI features and tools revealed at Google I/O 2025

CVE-2025-46571 – Open WebUI Unauthenticated JavaScript File Upload to Admin RCE

Fork recipes – manage food recipes

Gnuinos – spin of Devuan Linux

Microsoft finally explains how to fix Office 2024 licensing issue

CVE-2025-48875 – FreeScout Cross-Site Scripting (XSS) Vulnerability

Related Posts