CVE-2026-23757
Stored XSS in GFI HelpDesk Reports Module Allows Script Injection
Publication date: 2026-04-20
Last updated on: 2026-04-27
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gfi | helpdesk | up to 4.99.10 (excluding) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the stored cross-site scripting vulnerability in GFI HelpDesk affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-23757 is a stored cross-site scripting (XSS) vulnerability in GFI HelpDesk versions before 4.99.10, specifically in the Reports module.
The vulnerability occurs because the "title" parameter is passed directly to the function SWIFT_Report::Create() without proper HTML sanitization.
This allows attackers to inject arbitrary JavaScript code into the report title field when creating or editing reports.
The injected malicious script executes when staff members view and click the affected report link in the Manage Reports interface.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in the context of the affected application.
When staff members view or click on the compromised report link, the malicious script runs, potentially leading to unauthorized actions such as session hijacking, data theft, or manipulation of the user interface.
However, the CVSS scores indicate the impact on confidentiality, integrity, and availability is low, and user interaction is required for exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious JavaScript code injected into the report title fields within the Reports module of GFI HelpDesk versions prior to 4.99.10.
Since the issue involves stored cross-site scripting in the report titles, detection involves reviewing report titles for suspicious script tags or JavaScript code.
There are no specific commands provided in the available resources to detect this vulnerability on your network or system.
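Since the answer above gives no commands, the following is an added example (not from the advisory, GFI, or VulnCheck) of how a defender could review exported report titles for the stored markup this CVE concerns, and what the title looks like once escaped the way the Manage Reports page should render it. The sample rows and the idea of exporting (report_id, title) pairs are constructed assumptions; the real table and column names of the HelpDesk reports store are not given on this page.

```python
"""Scan exported GFI HelpDesk report titles for stored-XSS markers.

Added example for CVE-2026-23757; not code from GFI or from the advisory.
The rows below are constructed stand-ins: the real table and column names
of the HelpDesk reports store are not given here and must be adapted.
"""
import html
import re

# Patterns that have no place in a plain-text report title. Each tuple is
# (label, compiled regex). Tag detection requires the tag name to follow
# "<" directly, as HTML parsers do, so "a < b" is not flagged but "a<b" is
# (such titles still deserve a manual look).
SUSPICIOUS = [
    ("html-tag", re.compile(r"</?[a-zA-Z][a-zA-Z0-9]*")),
    ("event-handler", re.compile(r"\bon[a-zA-Z]+\s*=", re.IGNORECASE)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
]

# Constructed sample rows: (report_id, title). Rows 2-4 carry the kinds of
# input the advisory describes; rows 1 and 5 are benign titles.
SAMPLE_TITLES = [
    (1, "Monthly ticket volume"),
    (2, "Open tickets <script>alert(1)</script>"),
    (3, "SLA breaches <img src=x onerror=alert(1)>"),
    (4, 'Escalations <a href="javascript:alert(1)">link</a>'),
    (5, "Tickets with priority <= 3"),
]


def find_suspicious_titles(rows):
    """Return [(report_id, title, [labels])] for titles matching any pattern."""
    findings = []
    for report_id, title in rows:
        labels = [label for label, rx in SUSPICIOUS if rx.search(title)]
        if labels:
            findings.append((report_id, title, labels))
    return findings


def safe_title(title):
    """Escape a title for HTML text or attribute context; quote=True also
    escapes both quote characters so the value is safe inside href="..."."""
    return html.escape(title, quote=True)


if __name__ == "__main__":
    for report_id, title, labels in find_suspicious_titles(SAMPLE_TITLES):
        print(f"report {report_id}: {', '.join(labels)}")
        print(f"  raw:     {title}")
        print(f"  escaped: {safe_title(title)}")
```

Run it against a real export by replacing SAMPLE_TITLES with rows pulled from the reports store; any finding on an instance older than 4.99.10 is worth treating as an indicator, not just a data-quality issue.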
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade GFI HelpDesk to version 4.99.10 or later, where the vulnerability has been fixed.
Until the upgrade is applied, avoid creating or editing reports with untrusted input in the title field to prevent injection of malicious scripts.
Additionally, educate staff members to be cautious when clicking on report links in the Manage Reports interface, especially if the source of the report is untrusted.