3 matches found
CVE-2026-40230
CVE-2026-40230 (Helpy 2.8.0) : A stored cross-site scripting vulnerability exists in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc. This is tied to Helpy ve...
CVE-2026-40229
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...
PT-2026-35950
Name of the Vulnerable Software and Affected Versions Helpy version 2.8.0 Description A stored cross-site scripting issue exists in the post author display logic. A registered user can persist arbitrary HTML in the account name field, which is then rendered unescaped in public forum threads, the...