CVE-2025-48483

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.180

Description The issue is related to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Additionally, if an administrator accesses one of these emails with a modified signature, it could result in a subsequent Cross-Site Request Forgery (CSRF) vulnerability.

Recommendations For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider restricting access to mail signatures or disabling the feature that allows users to modify their signatures until the update is applied. Avoid using the application's mail signature feature with untrusted input until the issue is resolved.