João Lopes

**Name of the Vulnerable Software and Affected Versions** Helpdeskz version 2.0.2 **Description** A cross-site scripting (XSS) issue exists in the /staff/tools/custom-fields endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `email name` field. **Recommendations** For Helpdeskz version 2.0.2, as a temporary workaround, consider restricting access to the /staff/tools/custom-fields endpoint until a patch is available. Avoid using the `email name` field in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.