CVE-2018-18886

Helpy v2.1.0 has Stored XSS via the Ticket title.

CVE-2018-20851

Helpy before 2.2.0 allows agents to edit admins.