CVE-2023-0357 — CVSS 6.1 (medium): Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the…
CVE-2025-52184 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion.
CVE-2026-40229 — CVSS 5.4 (medium): Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML…
CVE-2026-40230 — CVSS 5.4 (medium): Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin…