Skip to content
Threat Feed

Tag

Css-Injection

1 brief RSS
high advisory

FreeScout CSS Injection Vulnerability in Mailbox Signature Leads to Privilege Escalation (CVE-2026-40497)

FreeScout versions prior to 1.8.213 are vulnerable to CSS injection via the mailbox signature, allowing an attacker with mailbox settings access to exfiltrate CSRF tokens and escalate privileges.

freescout css-injection privilege-escalation cve-2026-40497
2r 2t 1c