CVE-2026-41904 - FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content
CVE ID :CVE-2026-41904 Published : May 7, 2026, 6:05 p.m. | 57 minutes ago Description :FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Microsoft Issues Warning About Linux 'Copy Fail' Vulnerability
- [CYBER] Dirty Frag - Linux LPE similiar to Copy Fail
- [CYBER] IMF Warns AI Will Supercharge Cyberattacks on Global Financial System
- [CYBER] Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)
- [CYBER] CVE-2026-8086 - OSGeo gdal SWapi.c SWnentries heap-based overflow
- [CYBER] CVE-2026-41653 - BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration