High severity8.8NVD Advisory· Published Feb 19, 2018· Updated Jun 17, 2026
CVE-2017-16756
CVE-2017-16756
Description
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- ruby.sh/helpspot-disclosure-20180206.txtnvdExploitThird Party Advisory
- www.helpspot.com/releasesnvdVendor Advisory
- www.helpspot.com/releases/version-4-7-2nvdVendor Advisory
News mentions
0No linked articles in our index yet.