CVE-2026-23753: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GFI Software HelpDesk
GFI HelpDesk versions before 4. 99. 9 contain a stored cross-site scripting (XSS) vulnerability in the language management functionality. An authenticated administrator can inject arbitrary JavaScript code via the charset POST parameter when creating or editing a language. This injected script is then rendered unsanitized in the browser of any administrator viewing the Languages page, potentially leading to script execution in their context. The vulnerability has a CVSS 4. 8 (medium) severity score. No official patch or remediation guidance is currently confirmed from the vendor.
AI Analysis
Technical Summary
CVE-2026-23753 is a stored cross-site scripting vulnerability in GFI HelpDesk prior to version 4.99.9. The issue arises because the charset POST parameter is passed directly to the SWIFT_Language::Create() function without HTML sanitization and is later rendered unsanitized by View_Language.RenderGrid(). This allows an authenticated administrator to inject arbitrary JavaScript code, which executes in the browsers of other administrators viewing the Languages page. The vulnerability requires administrator privileges to exploit and does not involve user interaction beyond viewing the affected page.
Potential Impact
An attacker with authenticated administrator access can inject malicious JavaScript code that executes in the browsers of other administrators viewing the Languages page. This could lead to session hijacking, unauthorized actions performed with administrator privileges, or other malicious activities within the context of the HelpDesk application. The vulnerability does not affect unauthenticated users and requires administrator-level access to exploit.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrator access to trusted personnel only and consider monitoring for unusual administrator activity. Avoid viewing the Languages page in untrusted environments. Do not rely on generic mitigations; wait for vendor-provided patches or official workarounds.
CVE-2026-23753: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GFI Software HelpDesk
Description
GFI HelpDesk versions before 4. 99. 9 contain a stored cross-site scripting (XSS) vulnerability in the language management functionality. An authenticated administrator can inject arbitrary JavaScript code via the charset POST parameter when creating or editing a language. This injected script is then rendered unsanitized in the browser of any administrator viewing the Languages page, potentially leading to script execution in their context. The vulnerability has a CVSS 4. 8 (medium) severity score. No official patch or remediation guidance is currently confirmed from the vendor.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-23753 is a stored cross-site scripting vulnerability in GFI HelpDesk prior to version 4.99.9. The issue arises because the charset POST parameter is passed directly to the SWIFT_Language::Create() function without HTML sanitization and is later rendered unsanitized by View_Language.RenderGrid(). This allows an authenticated administrator to inject arbitrary JavaScript code, which executes in the browsers of other administrators viewing the Languages page. The vulnerability requires administrator privileges to exploit and does not involve user interaction beyond viewing the affected page.
Potential Impact
An attacker with authenticated administrator access can inject malicious JavaScript code that executes in the browsers of other administrators viewing the Languages page. This could lead to session hijacking, unauthorized actions performed with administrator privileges, or other malicious activities within the context of the HelpDesk application. The vulnerability does not affect unauthenticated users and requires administrator-level access to exploit.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrator access to trusted personnel only and consider monitoring for unusual administrator activity. Avoid viewing the Languages page in untrusted environments. Do not rely on generic mitigations; wait for vendor-provided patches or official workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-15T18:42:20.938Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e669e219fe3cd2cd1fdd49
Added to database: 4/20/2026, 6:01:06 PM
Last enriched: 4/20/2026, 6:16:09 PM
Last updated: 4/20/2026, 8:54:20 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.