GFI HelpDesk Stored Cross-Site Scripting Vulnerability in Template Group Management
Vulnerability
A stored cross-site scripting vulnerability has been identified in GFI HelpDesk versions prior to 4.99.9. This issue resides in the template group creation and editing features, allowing authenticated administrators to inject arbitrary JavaScript. The vulnerability arises from inadequate HTML sanitization of the companyname POST parameter. Injected scripts can execute in the browsers of administrators accessing the Templates > Groups page.
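The following added example (not GFI HelpDesk code; the record layout, the rendered table markup and the sample value are constructed assumptions) shows the defect class described above, a companyname value interpolated into HTML without encoding, next to the output-encoded form, plus a parser-based regression check a defender can run over the rendered page:

```python
import html
from html.parser import HTMLParser

# Constructed sample record: the companyname value carries markup the way
# an unsanitized POST parameter would store it; the title is benign.
TEMPLATE_GROUP = {
    "title": "Default",
    "companyname": "<img src=x onerror=alert(1)>Acme",
}


def render_row_unsafe(group):
    """Defect class: the stored value is interpolated verbatim into HTML."""
    name = group["companyname"]
    return (f'<tr><td>{group["title"]}</td>'
            f'<td title="{name}">{name}</td></tr>')


def render_row_safe(group):
    """Fix: HTML-encode on output, with quote=True so the value is also
    safe inside a double-quoted attribute such as title="..."."""
    title = html.escape(group["title"], quote=True)
    name = html.escape(group["companyname"], quote=True)
    return (f'<tr><td>{title}</td>'
            f'<td title="{name}">{name}</td></tr>')


class TagCollector(HTMLParser):
    """Records every start tag and every on* event-handler attribute."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(k for k, _ in attrs if k.lower().startswith("on"))


def audit(rendered):
    """Regression check for a rendered page: the tag list should be exactly
    what the template emits (tr, td, td), with no event handlers at all."""
    parser = TagCollector()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.handlers


if __name__ == "__main__":
    print(audit(render_row_unsafe(TEMPLATE_GROUP)))  # (['tr', 'td', 'td', 'img'], ['onerror'])
    print(audit(render_row_safe(TEMPLATE_GROUP)))    # (['tr', 'td', 'td'], [])
```

The same audit can be pointed at a saved copy of the real Templates > Groups page after upgrading, to confirm that stored values no longer contribute tags or handlers of their own.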
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.
Remediation
Users are advised to upgrade to GFI HelpDesk version 4.99.9 or later, where this vulnerability has been addressed. The latest version can be downloaded from the GFI Upgrade Center.
