Medium severity5.4NVD Advisory· Published Apr 29, 2026· Updated May 1, 2026
CVE-2026-40229
CVE-2026-40229
Description
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML notification emails sent to other users.This issue affects helpy: 2.8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- fluidattacks.com/es/advisories/offspringnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.