CVE-2025-48488

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.180

Description The issue allows an attacker to upload an HTML file containing malicious JavaScript code to the server, resulting in a Cross-Site Scripting (XSS) vulnerability. This occurs when the .htaccess file is deleted prior to version 1.8.180.

Recommendations For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider restricting access to the server to prevent malicious file uploads until the update is applied. Additionally, avoid deleting the .htaccess file to minimize the risk of exploitation.