QwikSec

Security Database

CVE

CWE

Training

CVE-2025-48488

Published: May 30, 2025

Modified: May 30, 2025

PUBLISHED

Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.180.

Vendor	Product	Versions
freescout-help-desk	freescout	affected `< 1.8.180`

Weaknesses (CWE)

References

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2m76-538h-7hf9

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.