CVE-2026-23752 GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

CVE-2026-23752 GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

CVE-2026-23752

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

CVE-2026-23752

CVE-2026-23752 affects GFI HelpDesk prior to 4.99.9. The vulnerability is a stored XSS in the template group creation/editing flow, exploitable via the companyname POST parameter without HTML sanitization. When an authenticated administrator views the Templates &gt; Groups page, the injected scri...

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleaning of the companyname POST parameter...