CVE-2026-23758 | GFI HelpDesk up to 4.99.8 POST Parameter Controller_Ticket.EditSubmit editsubject cross site scripting

A vulnerability classified as problematic has been found in GFI HelpDesk up to 4.99.8. The impacted element is the function Controller_Ticket.EditSubmit of the component POST Parameter Handler. The manipulation of the argument editsubject leads to cross site scripting.

This vulnerability is listed as CVE-2026-23758. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More