CVE-2026-40567
FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization and rendered unescaped into outgoing reply emails via the `{%customer.fullName%}` signature variable. This allows embedding phishing links, tracking pixels, and spoofed content inside legitimate support emails sent from the organization's address. Version 1.8.213 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Productos afectados
freescout-help-desk · freescout¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →