FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization and rendered unescaped into outgoing reply emails via the `{%customer.fullName%}` signature variable. This allows embedding phishing links, tracking pixels, and spoofed content inside legitimate support emails sent from the organization's address. Version 1.8.213 fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

对输出编码和转义不恰当

FreeScout 安全漏洞

FreeScout是FreeScout公司的一个使用 PHP（Laravel 框架）构建的超轻量级且功能强大的免费开源帮助台和共享收件箱。 FreeScout 1.8.213之前版本存在安全漏洞，该漏洞源于From显示名称未经清理存储在数据库中并在回复邮件中未转义渲染，可能导致未经身份验证的攻击者将任意HTML注入外发电子邮件。

N/A

N/A