CVE-2025-48388

HIGH Year: 2025
Weakness Type
CWE-93
View all →

Vulnerability Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols (\r, \n, \t)to the application. This issue has been patched in version 1.8.178.

Related Vulnerabilities

CVE-2021-39172

HIGH
CVSS:8.8(High)

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition ...

CWE-932021

CVE-2023-26130

HIGH
CVSS:8.8(High)

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete ...

CWE-932023

CVE-2023-38551

HIGH
CVSS:8.2(High)

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting...

CWE-932023

CVE-2024-20337

HIGH
CVSS:8.2(High)

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user....

CWE-932024

CVE-2017-15400

HIGH
CVSS:7.8(High)

Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD f...

CWE-932017

CVE-2024-45302

HIGH
CVSS:7.8(High)

RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdate...

CWE-932024