CVE-2026-40229

Name of the Vulnerable Software and Affected Versions Helpy version 2.8.0

Description A stored cross-site scripting issue exists in the post author display logic. A registered user can persist arbitrary HTML in the account name field, which is then rendered unescaped in public forum threads, the admin ticket view, and HTML notification emails sent to other users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.