PT-2025-23257 · Freescout · Freescout

Artem Danilov +5 · Published 2025-05-13 · Updated 2025-05-30 · CVE-2025-48487

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FreeScout versions prior to 1.8.180

Description

FreeScout is a free self-hosted help desk and shared mailbox. The issue arises when creating a translation of a phrase that appears in a flash message after a completed action: a payload can be injected into the translation, resulting in an XSS vulnerability. This problem has been corrected in version 1.8.180.

Recommendations

For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider restricting access to the translation feature for phrases that appear in flash messages to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-06963
CVE-2025-48487
GHSA-WG2Q-M2FJ-X6J4

Affected Products

Freescout