CVE-2026-23753
Stored XSS in GFI HelpDesk Language Management Allows Admin Hijack

Publication date: 2026-04-20

Last updated on: 2026-04-27

Assigner: VulnCheck

Description
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create() without HTML sanitization and subsequently rendered unsanitized by View_Language.RenderGrid(). An authenticated administrator can inject arbitrary JavaScript through the charset field when creating or editing a language, and the payload executes in the browser of any administrator viewing the Languages page.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-04-20
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: gfi
Product: helpdesk
Version / Range: up to 4.99.9 (4.99.9 excluded)
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2026-23753 is a stored cross-site scripting (XSS) vulnerability in GFI HelpDesk versions before 4.99.9. It occurs in the language management functionality where the charset POST parameter is passed directly to the function SWIFT_Language::Create() without any HTML sanitization.

Because the input is not sanitized, an authenticated administrator can inject arbitrary JavaScript code through the charset field when creating or editing a language. This malicious script is then stored and executed in the browsers of any administrators who view the Languages page.

Impact Analysis

This vulnerability can lead to unauthorized actions or data exposure within the GFI HelpDesk application. Since the injected JavaScript executes in the browsers of administrators viewing the Languages page, it could be used to perform actions on behalf of those administrators or steal sensitive information accessible to them.

Detection Guidance

This vulnerability can be detected by checking for the presence of unsanitized JavaScript code injected into the charset POST parameter within the language management functionality of GFI HelpDesk versions prior to 4.99.9.

Since the vulnerability requires an authenticated administrator to inject the payload, detection involves reviewing POST requests to the language creation or editing endpoints for suspicious charset parameter values containing JavaScript code.

Network or system administrators can monitor HTTP POST requests to the language management pages and look for unusual or suspicious payloads in the charset parameter.

  • Use web proxy tools (e.g., Burp Suite, OWASP ZAP) to intercept and inspect POST requests to the language management functionality, focusing on the charset parameter.
  • Run a command-line search on server logs for POST requests containing the charset parameter with suspicious script tags, for example: grep -i "charset=.*<script" /path/to/webserver/logs/access.log
  • Use curl or similar tools to simulate POST requests with test payloads in the charset parameter to verify if the system is vulnerable.
Mitigation Strategies

To mitigate this vulnerability immediately, upgrade GFI HelpDesk to version 4.99.9 or later where the issue has been fixed.

If upgrading is not immediately possible, restrict access to the language management functionality to trusted administrators only and monitor for suspicious activity.

Ensure that administrators are aware of the risk and avoid interacting with untrusted or suspicious language entries.

Implement web application firewall (WAF) rules to detect and block POST requests containing suspicious JavaScript code in the charset parameter.
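An added example (not code from GFI HelpDesk or from this advisory) of the defender-side checks described above: an allowlist test for charset names that rejects markup at input time, an escaping step for the rendered grid cell, and a scanner over constructed request-body log lines that percent-decodes the charset parameter, so it also catches encoded payloads and attribute injections that a plain grep for "<script" misses. The endpoint paths, log layout and function names are assumptions, and since ordinary access logs do not record POST bodies, the scanner assumes a proxy or WAF log that does.

```python
import html
import re
from urllib.parse import parse_qs

# IANA charset names contain only letters, digits and ( ) + - . : _ and are
# short, so an allowlist rejects markup at input time (no tag denylist needed).
CHARSET_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9()+._:-]{0,39}$")

# Hypothetical endpoint paths and log layout (assumed for this example): a
# reverse-proxy/WAF log that records the request body as body="...".
LANGUAGE_POST_RE = re.compile(
    r'"POST (?P<path>/admin/language/(?:insert|edit)\S*) HTTP/1\.[01]" '
    r'\d+ body="(?P<body>[^"]*)"'
)

# Constructed sample lines: one benign save, one percent-encoded script tag,
# one attribute injection that a grep for "<script" would never see.
SAMPLE_LOG = """\
10.0.0.5 - admin [21/Apr/2026:09:12:01 +0000] "POST /admin/language/insert HTTP/1.1" 302 body="title=French&charset=UTF-8&flag=fr"
10.0.0.7 - admin [21/Apr/2026:09:13:44 +0000] "POST /admin/language/insert HTTP/1.1" 302 body="title=Test&charset=%3Cscript%3Ealert(1)%3C%2Fscript%3E&flag=xx"
10.0.0.9 - admin [21/Apr/2026:09:14:10 +0000] "POST /admin/language/edit/3 HTTP/1.1" 302 body="title=German&charset=iso-8859-1%22%20onmouseover%3Dalert(1)&flag=de"
"""

def is_valid_charset(value: str) -> bool:
    """Input-side check: accept only a well-formed charset name."""
    return CHARSET_RE.fullmatch(value) is not None

def render_grid_cell(value: str) -> str:
    """Output-side check: escape the stored value before it reaches the grid,
    so even a value saved by an older, unvalidated version renders as text."""
    return f"<td>{html.escape(value, quote=True)}</td>"

def scan_log(lines):
    """Return (path, decoded charset) for every language POST whose charset
    parameter is not a valid charset name."""
    hits = []
    for line in lines:
        m = LANGUAGE_POST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes, so encoded payloads are compared in clear
        charset = parse_qs(m.group("body")).get("charset", [""])[0]
        if not is_valid_charset(charset):
            hits.append((m.group("path"), charset))
    return hits

if __name__ == "__main__":
    for path, charset in scan_log(SAMPLE_LOG.splitlines()):
        print(f"suspicious charset on {path}: {charset!r}")
```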

Compliance Impact

The provided information does not specify how CVE-2026-23753 impacts compliance with common standards and regulations such as GDPR or HIPAA.
