Platform
php
Component
freescout-help-desk
Fixed in
1.8.214
CVE-2026-40497 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in FreeScout, a free self-hosted help desk and shared mailbox system. This flaw allows an attacker to inject malicious CSS code into mailbox settings, potentially leading to Cross-Site Scripting (XSS) attacks. The vulnerability impacts versions 1.0.0 through 1.8.212, and a fix is available in version 1.8.213.
The vulnerability lies in FreeScout's inadequate sanitization of <style> tags within the mailbox signature field. While the application attempts to remove other potentially dangerous HTML tags like <script> and <iframe>, it fails to strip <style> tags. These tags are then rendered unescaped in conversation views, and due to the existing Content Security Policy (CSP) allowing inline styles, injected CSS can execute freely. An attacker who has access to mailbox settings, either as an administrator or an agent with mailbox permissions, can exploit this to inject malicious CSS. This could lead to XSS, allowing the attacker to steal user cookies, redirect users to phishing sites, or deface the application’s interface.
CVE-2026-40497 was publicly disclosed on 2026-04-21. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's nature and the ease of CSS injection suggest a moderate risk of exploitation. The EPSS score is likely to be medium, reflecting the potential for widespread impact given the popularity of FreeScout and the relatively simple exploitation technique. It is not currently listed on the CISA KEV catalog.
Organizations using FreeScout for help desk and shared mailbox management are at risk, particularly those running versions 1.0.0 through 1.8.212. Shared hosting environments where multiple users share a FreeScout instance are especially vulnerable, as an attacker could potentially compromise the settings of one mailbox and impact other users.
• php: Examine FreeScout logs for POST requests to /mailbox/settings/{id} containing <style> tags with unusual or obfuscated content. Use grep to search for patterns like style=javascript: or style=expression.
  grep 'style=javascript:' /var/log/freescout/access.log
• generic web: Monitor HTTP POST requests to /mailbox/settings/{id} for suspicious CSS content in the request body. Use a WAF or intrusion detection system to flag such requests.
• generic web: Check mailbox signatures for unusual CSS patterns. Inspect the HTML source code of conversation views for injected <style> tags.
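The log check described in the detection bullets above, written out as an added example (not code from FreeScout or from this advisory). It assumes a combined-format web server access log; the log lines, IP addresses and hostname below are constructed for the example. Two checks are shown: every POST to the /mailbox/settings/{id} endpoint, and any request line or referer that still carries a <style> tag or one of the grep patterns from the bullets after URL decoding.

```python
import re
from urllib.parse import unquote

# Combined log format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# The mailbox settings endpoint named in the advisory: /mailbox/settings/{id}
SETTINGS_PATH = re.compile(r"^/mailbox/settings/\d+(?:[/?#]|$)")
# A <style> tag in any case/spacing, plus the two grep patterns from the detection bullets
STYLE_MARKERS = re.compile(r"<\s*style\b|style=javascript:|style=expression", re.IGNORECASE)

# Constructed sample lines (not real FreeScout logs); helpdesk.example is a placeholder host.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Apr/2026:10:00:01 +0000] "GET /mailbox/settings/3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Apr/2026:10:00:09 +0000] "POST /mailbox/settings/3 HTTP/1.1" 302 0 "https://helpdesk.example/mailbox/settings/3" "Mozilla/5.0"
198.51.100.7 - - [21/Apr/2026:10:01:00 +0000] "POST /conversation/create HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Apr/2026:10:02:00 +0000] "GET /mailbox/settings/3?sig=%3Cstyle%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def flag_settings_posts(lines):
    """Return (ip, timestamp, path) for every POST to /mailbox/settings/{id}."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and SETTINGS_PATH.match(rec["path"]):
            hits.append((rec["ip"], rec["ts"], rec["path"]))
    return hits


def flag_style_markers(lines):
    """Return the request paths of lines that carry a <style> tag or one of the
    advisory's grep patterns anywhere in the line, after URL decoding."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and STYLE_MARKERS.search(unquote(line)):
            hits.append(rec["path"])
    return hits


if __name__ == "__main__":
    for hit in flag_settings_posts(SAMPLE_LOG):
        print("settings POST:", hit)
    for path in flag_style_markers(SAMPLE_LOG):
        print("style marker in request:", path)
```

An access log records only the request line and headers, not the POST body, so the second check catches markers in the path, query string or referer; inspecting the body of the settings POST itself needs WAF or reverse-proxy request logging, as the generic-web bullet notes.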
disclosure
Exploit status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-40497 is to immediately upgrade FreeScout to version 1.8.213 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block POST requests to /mailbox/settings/{id} containing potentially malicious <style> tags. Additionally, review and restrict mailbox permissions to limit the number of users who can modify mailbox settings. Monitor FreeScout logs for suspicious POST requests to the settings endpoint. After upgrading, confirm the fix by attempting to inject a simple <style> tag into a mailbox signature and verifying that it is properly sanitized and does not execute.
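The sanitization gap the advisory describes, and the post-upgrade check it recommends, modelled as an added example in Python (not FreeScout's own PHP code and not from this advisory). `sanitize_signature_vulnerable` is an illustrative model of the pre-fix behaviour the text describes (script and iframe stripped, style left alone); `sanitize_signature_fixed` adds the missing tag. `audit_signatures` serves the "check mailbox signatures for unusual CSS patterns" step from the detection section, and `verify_fix` is the canary check from the last sentence above. The sample signatures are constructed.

```python
import re

# Tags the advisory says FreeScout already removed from signatures before the fix
LEGACY_BLOCKLIST = ("script", "iframe")
# The fix adds the tag the advisory reports was missed
FIXED_BLOCKLIST = LEGACY_BLOCKLIST + ("style",)

# Any <style> or </style> tag, case-insensitive, tolerant of spacing inside the brackets
STYLE_TAG = re.compile(r"<\s*/?\s*style\b", re.IGNORECASE)

# Constructed sample signatures keyed by a hypothetical mailbox id
SAMPLE_SIGNATURES = {
    1: "<p>Best regards,<br>Support Team</p>",
    2: "<p>Thanks</p><style>body{background:red}</style>",
    3: "<p>Hi</p><STYLE type='text/css'>.x{}</STYLE>",
    4: "<p>Hi</p><script>void(0)</script>",
}


def _strip_tags(html: str, tags) -> str:
    """Remove each listed element with its content, then any stray opening or
    closing tag of that name (handles unbalanced or split tags)."""
    for tag in tags:
        paired = re.compile(
            rf"<\s*{tag}\b[^>]*>.*?<\s*/\s*{tag}\s*>", re.IGNORECASE | re.DOTALL
        )
        html = paired.sub("", html)
        stray = re.compile(rf"<\s*/?\s*{tag}\b[^>]*>", re.IGNORECASE)
        html = stray.sub("", html)
    return html


def sanitize_signature_vulnerable(html: str) -> str:
    """Model of the pre-fix behaviour: <script> and <iframe> go, <style> survives."""
    return _strip_tags(html, LEGACY_BLOCKLIST)


def sanitize_signature_fixed(html: str) -> str:
    """Hardened variant: <style> is removed along with the legacy tags."""
    return _strip_tags(html, FIXED_BLOCKLIST)


def contains_style_tag(html: str) -> bool:
    """Audit check: True if a <style> tag in any case or spacing is present."""
    return STYLE_TAG.search(html) is not None


def audit_signatures(signatures: dict) -> list:
    """Return the ids of stored signatures that still carry a <style> tag."""
    return [sid for sid, html in signatures.items() if contains_style_tag(html)]


def verify_fix(sanitizer) -> bool:
    """Post-upgrade canary: a plain <style> block must not survive the sanitizer."""
    canary = "<p>ok</p><style>p{color:red}</style>"
    return not contains_style_tag(sanitizer(canary))


if __name__ == "__main__":
    print("signatures with <style>:", audit_signatures(SAMPLE_SIGNATURES))
    print("vulnerable model passes canary:", verify_fix(sanitize_signature_vulnerable))
    print("fixed model passes canary:", verify_fix(sanitize_signature_fixed))
```

On a real instance the audit would read signatures from the database rather than a dict, and the canary would be submitted through the settings form and checked in a rendered conversation view; the tag-matching logic is the part that carries over. A blocklist of tag names is what the advisory describes, but an allowlist-based HTML sanitizer is the more robust long-term choice, since a blocklist fails open for every tag it forgets.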
Update FreeScout to version 1.8.213 or later. This version contains a fix that correctly removes `<style>` tags from the mailbox signature, preventing CSS injection and the possible exfiltration of CSRF tokens.
CVE-2026-40497 is a Cross-Site Request Forgery (CSRF) vulnerability in FreeScout versions 1.0.0 through 1.8.212, allowing attackers to inject malicious CSS and potentially execute XSS.
Yes, if you are running FreeScout versions 1.0.0 through 1.8.212, you are affected by this vulnerability.
Upgrade FreeScout to version 1.8.213 or later to resolve the vulnerability. Consider WAF rules as a temporary mitigation.
No active exploitation has been confirmed, but the vulnerability's nature suggests a potential for exploitation.
Refer to the FreeScout security advisory for details: [https://freescout.com/security/](https://freescout.com/security/)