CVE-2026-23756 | GFI HelpDesk up to 4.99.8 Troubleshooter Controller_Step.InsertSubmit subject cross site scripting

A vulnerability marked as problematic has been reported in GFI HelpDesk up to 4.99.8. Impacted is the function Controller_Step.InsertSubmit of the component Troubleshooter Module. Performing a manipulation of the argument subject results in cross site scripting.

This vulnerability is identified as CVE-2026-23756. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More