QwikSec

Security Database

CVE

CWE

Training

CVE-2026-40230

Published: Apr 29, 2026

Modified: Apr 29, 2026

PUBLISHED

Description

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0.

Vendor	Product	Versions
helpyio	helpy	affected `2.8.0`

Weaknesses (CWE)

References

https://fluidattacks.com/es/advisories/prisioneros

third-party-advisory

https://github.com/helpyio/helpy

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.