CVE-2026-23758 | GFI HelpDesk up to 4.99.8 POST Parameter Controller_Ticket.EditSubmit editsubject cross site scripting

Inserito da Angelo Barbosa | Apr 20, 2026 | CVE

A vulnerability classified as problematic has been found in GFI HelpDesk up to 4.99.8. The impacted element is the function Controller_Ticket.EditSubmit of the component POST Parameter Handler. The manipulation of the argument editsubject leads to cross site scripting.

This vulnerability is listed as CVE-2026-23758. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-23758 | GFI HelpDesk up to 4.99.8 POST Parameter Controller_Ticket.EditSubmit editsubject cross site scripting

Post correlati

CVE-2026-5614 | Belkin F9K1015 1.00.10 /goform/formSetPassword webpage stack-based overflow

CVE-2025-7901 | yangzongzhuan RuoYi up to 4.8.1 Swagger UI /swagger-ui/index.html configUrl cross site scripting (Issue 293)

CVE-2025-27271 | DB Tables Import Export Plugin up to 1.0.1 on WordPress cross site scripting

CVE-2024-7071 | Brain Information Technologies Brain Low-Code up to 2.0.x sql injection