CVE - CVE-2025-48875

CVE-ID
CVE-2025-48875	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.181.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/freescout-help-desk/freescout/commit/508dda16853a39fcb6c2b46ea7b7f442d5f7eda7 URL:https://github.com/freescout-help-desk/freescout/commit/508dda16853a39fcb6c2b46ea7b7f442d5f7eda7 MISC:https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mjjx-rv96-w9hq URL:https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mjjx-rv96-w9hq
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20250527	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250527)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)