PT-2024-26114 · Freescout · Freescout

Umeradeemcheema · Published 2024-05-13 · Updated 2025-01-10 · CVE-2024-34697

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.139
Description: A stored HTML injection issue has been identified in the Email Receival Module of the FreeScout application. Because HTML content within incoming emails is handled improperly, attackers can inject malicious HTML content into emails sent to the application's mailbox. Attackers can embed malicious HTML code in the context of the application's domain, potentially leading to attacks such as form hijacking, application defacement, or data exfiltration via CSS injection. Unauthenticated attackers can exploit this issue; although they are limited to HTML injection, the consequences can still be severe.
Recommendations: For versions prior to 1.8.139, update to version 1.8.139, which implements strict input validation and sanitization mechanisms to prevent malicious HTML injections.

Exploit

Fix

Special Elements Injection

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-34697
GHSA-985R-6QFC-HG8M

Affected Products

Freescout