5 matches found
CVE-2026-23758
GFI HelpDesk prior to 4.99.9 is affected by a stored XSS in the ticket subject via the editsubject POST parameter. The issue arises from insufficient sanitization in Controller_Ticket.EditSubmit(), which bypasses the incomplete SanitizeForXSS() method, permitting an authenticated staff member to ...
CVE-2026-23757
GFI HelpDesk
CVE-2026-23752
CVE-2026-23752 affects GFI HelpDesk prior to 4.99.9. The vulnerability is a stored XSS in the template group creation/editing flow, exploitable via the companyname POST parameter without HTML sanitization. When an authenticated administrator views the Templates > Groups page, the injected scri...
CVE-2026-23753
GFI HelpDesk
CVE-2026-23756
GFI HelpDesk