PT-2023-16209 · Helpy · Helpy

Carlos Bello · Published 2023-04-04 · Updated 2023-04-10 · CVE-2023-0357

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Helpy version 2.8.0

Description

The issue allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.

Recommendations

For version 2.8.0, update to a newer version that correctly validates customer attachments to prevent XSS exploitation. As a temporary workaround, consider restricting the ability for customers to send attachments in tickets until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-0357

Affected Products

Helpy