CVE-2026-40565 - FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href
CVE ID :CVE-2026-40565 Published : April 21, 2026, 3:52 p.m. | 13 minutes ago Description :FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify() function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tag
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Post-Mythos: what are you actually doing differently right now?
- [CYBER] Why is Claude Mythos good at Cyber Security?
- [CYBER] Lauren Bonvini on Building Confidence Through a More Practical Approach to Stage Fright
- [CYBER] The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities
- [CYBER] After the Kelp hack, TVL in DeFi faced a liquidity outflow - Coinspot.io
- [CYBER] Trojanized Android App Fuels New Wave of NFC Fraud