CVE-2026-23756 | GFI HelpDesk up to 4.99.8 Troubleshooter Controller_Step.InsertSubmit subject cross site scripting

Inserito da Angelo Barbosa | Apr 20, 2026 | CVE

A vulnerability marked as problematic has been reported in GFI HelpDesk up to 4.99.8. Impacted is the function Controller_Step.InsertSubmit of the component Troubleshooter Module. Performing a manipulation of the argument subject results in cross site scripting.

This vulnerability is identified as CVE-2026-23756. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.

CVE-2026-23756 | GFI HelpDesk up to 4.99.8 Troubleshooter Controller_Step.InsertSubmit subject cross site scripting

Post correlati

CVE-2026-2011 | itsourcecode Student Management System 1.0 controller.php ID sql injection

CVE-2025-4208 | NEX-Forms Plugin up to 8.9.1 on WordPress call_user_func privilege escalation

CVE-2024-2031 | Video Conferencing with Zoom Plugin up to 4.4.4 on WordPress Shortcode cross site scripting

CVE-2024-1553 | Mozilla Thunderbird memory corruption