CVE-2026-23757
Received Received - Intake
Stored XSS in GFI HelpDesk Reports Module Allows Script Injection

Publication date: 2026-04-20

Last updated on: 2026-04-27

Assigner: VulnCheck

Description
GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a report, and the payload executes when staff members view and click the affected report link in the Manage Reports interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-20
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23757
EUVD
EUVD-2026-23929
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gfi helpdesk to 4.99.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-23757 is a stored cross-site scripting (XSS) vulnerability in GFI HelpDesk versions before 4.99.10, specifically in the Reports module.

The vulnerability occurs because the "title" parameter is passed directly to the function SWIFT_Report::Create() without proper HTML sanitization.

This allows attackers to inject arbitrary JavaScript code into the report title field when creating or editing reports.

The injected malicious script executes when staff members view and click the affected report link in the Manage Reports interface.

Impact Analysis

This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in the context of the affected application.

When staff members view or click on the compromised report link, the malicious script runs, potentially leading to unauthorized actions such as session hijacking, data theft, or manipulation of the user interface.

However, the CVSS scores indicate the impact on confidentiality, integrity, and availability is low, and user interaction is required for exploitation.

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious JavaScript code injected into the report title fields within the Reports module of GFI HelpDesk versions prior to 4.99.10.

Since the issue involves stored cross-site scripting in the report titles, detection involves reviewing report titles for suspicious script tags or JavaScript code.

There are no specific commands provided in the available resources to detect this vulnerability on your network or system.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade GFI HelpDesk to version 4.99.10 or later, where the vulnerability has been fixed.

Until the upgrade is applied, avoid creating or editing reports with untrusted input in the title field to prevent injection of malicious scripts.

Additionally, educate staff members to be cautious when clicking on report links in the Manage Reports interface, especially if the source of the report is untrusted.

Compliance Impact

The provided information does not specify how the stored cross-site scripting vulnerability in GFI HelpDesk affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart