XSS in Freescout-help-desk Freescout
CVE-2026-32753
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious Java…
EPSS: 0.000 (12.5th percentile)
Affected products
- Freescout-help-desk Freescout — versions < 1.8.209
Weakness classification (CWE)
References
- https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-cvr8-cw5c-5pfw (x_refsource_CONFIRM)
- https://github.com/freescout-help-desk/freescout/commit/cb8618845704aef8f5e4a494c7f605e7bd9fdaeb (x_refsource_MISC)
- https://github.com/freescout-help-desk/freescout/releases/tag/1.8.209 (x_refsource_MISC)