Search criteria
12 vulnerabilities found for helpy by helpy.io
FKIE_CVE-2025-52184
Vulnerability from fkie_nvd - Published: 2025-08-26 17:15 - Updated: 2025-09-09 18:55
Severity ?
Summary
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/gmrvh/947e517f263245b13abcc63226907f4f | Product | |
| cve@mitre.org | https://gist.github.com/gmrvh/eeb6aa8b379c7ad3860d78ee054f6123 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helpy.io:helpy:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7548AEC-F6A1-40AE-8378-B5A1BFB8A8BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross-site scripting en Helpy.io v.2.8.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n de ticket de nuevo tema."
}
],
"id": "CVE-2025-52184",
"lastModified": "2025-09-09T18:55:57.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-26T17:15:39.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://gist.github.com/gmrvh/947e517f263245b13abcc63226907f4f"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/gmrvh/eeb6aa8b379c7ad3860d78ee054f6123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-0357
Vulnerability from fkie_nvd - Published: 2023-04-04 23:15 - Updated: 2025-02-13 17:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.
References
| URL | Tags | ||
|---|---|---|---|
| help@fluidattacks.com | https://fluidattacks.com/advisories/quayle/ | Exploit, Third Party Advisory | |
| help@fluidattacks.com | https://github.com/helpyio/helpy/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/quayle/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helpyio/helpy/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helpy.io:helpy:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7548AEC-F6A1-40AE-8378-B5A1BFB8A8BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket."
}
],
"id": "CVE-2023-0357",
"lastModified": "2025-02-13T17:15:54.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-04T23:15:07.153",
"references": [
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/quayle/"
},
{
"source": "help@fluidattacks.com",
"tags": [
"Product"
],
"url": "https://github.com/helpyio/helpy/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/quayle/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/helpyio/helpy/"
}
],
"sourceIdentifier": "help@fluidattacks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2018-20851
Vulnerability from fkie_nvd - Published: 2019-07-10 14:15 - Updated: 2024-11-21 04:02
Severity ?
Summary
Helpy before 2.2.0 allows agents to edit admins.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/helpyio/helpy/compare/d64e97a...592bc60 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helpyio/helpy/compare/d64e97a...592bc60 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helpy.io:helpy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEDD5C0-75E0-4BDA-AE03-A9F73DB72746",
"versionEndExcluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Helpy before 2.2.0 allows agents to edit admins."
},
{
"lang": "es",
"value": "Helpy versiones anteriores a 2.2.0, permite a agentes editar administradores."
}
],
"id": "CVE-2018-20851",
"lastModified": "2024-11-21T04:02:18.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-10T14:15:10.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18886
Vulnerability from fkie_nvd - Published: 2019-06-18 14:15 - Updated: 2024-11-21 03:56
Severity ?
Summary
Helpy v2.1.0 has Stored XSS via the Ticket title.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/helpyio/helpy | Product, Third Party Advisory | |
| cve@mitre.org | https://github.com/helpyio/helpy/releases/tag/2.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helpyio/helpy | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helpyio/helpy/releases/tag/2.2.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helpy.io:helpy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEDD5C0-75E0-4BDA-AE03-A9F73DB72746",
"versionEndExcluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Helpy v2.1.0 has Stored XSS via the Ticket title."
},
{
"lang": "es",
"value": "Helpy en la versi\u00f3n v2.1.0 ha almacenado Cross-Site Scripting (XSS) mediante el t\u00edtulo de ticket."
}
],
"id": "CVE-2018-18886",
"lastModified": "2024-11-21T03:56:49.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-18T14:15:11.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-52184 (GCVE-0-2025-52184)
Vulnerability from cvelistv5 – Published: 2025-08-26 00:00 – Updated: 2025-08-27 16:17
VLAI?
Summary
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T16:16:41.419484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:17:40.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T16:47:13.759Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/gmrvh/947e517f263245b13abcc63226907f4f"
},
{
"url": "https://gist.github.com/gmrvh/eeb6aa8b379c7ad3860d78ee054f6123"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52184",
"datePublished": "2025-08-26T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-08-27T16:17:40.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0357 (GCVE-0-2023-0357)
Vulnerability from cvelistv5 – Published: 2023-04-04 00:00 – Updated: 2025-02-13 16:20
VLAI?
Summary
Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.
Severity ?
6.1 (Medium)
CWE
- Stored cross-site scripting (XSS)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/quayle/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0357",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:19:26.415552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:20:19.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Helpy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T00:00:00.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/quayle/"
},
{
"url": "https://github.com/helpyio/helpy/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-0357",
"datePublished": "2023-04-04T00:00:00.000Z",
"dateReserved": "2023-01-17T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:20:19.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20851 (GCVE-0-2018-20851)
Vulnerability from cvelistv5 – Published: 2019-07-10 13:38 – Updated: 2024-08-05 12:12
VLAI?
Summary
Helpy before 2.2.0 allows agents to edit admins.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:29.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helpy before 2.2.0 allows agents to edit admins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-10T13:38:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helpy before 2.2.0 allows agents to edit admins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818",
"refsource": "MISC",
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"name": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60",
"refsource": "MISC",
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20851",
"datePublished": "2019-07-10T13:38:04",
"dateReserved": "2019-07-10T00:00:00",
"dateUpdated": "2024-08-05T12:12:29.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18886 (GCVE-0-2018-18886)
Vulnerability from cvelistv5 – Published: 2019-06-18 13:08 – Updated: 2024-08-05 11:23
VLAI?
Summary
Helpy v2.1.0 has Stored XSS via the Ticket title.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helpy v2.1.0 has Stored XSS via the Ticket title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T13:08:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/helpyio/helpy"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helpy v2.1.0 has Stored XSS via the Ticket title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/helpyio/helpy",
"refsource": "MISC",
"url": "https://github.com/helpyio/helpy"
},
{
"name": "https://github.com/helpyio/helpy/releases/tag/2.2.0",
"refsource": "CONFIRM",
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18886",
"datePublished": "2019-06-18T13:08:35",
"dateReserved": "2018-10-31T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52184 (GCVE-0-2025-52184)
Vulnerability from nvd – Published: 2025-08-26 00:00 – Updated: 2025-08-27 16:17
VLAI?
Summary
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T16:16:41.419484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:17:40.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T16:47:13.759Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/gmrvh/947e517f263245b13abcc63226907f4f"
},
{
"url": "https://gist.github.com/gmrvh/eeb6aa8b379c7ad3860d78ee054f6123"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52184",
"datePublished": "2025-08-26T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-08-27T16:17:40.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0357 (GCVE-0-2023-0357)
Vulnerability from nvd – Published: 2023-04-04 00:00 – Updated: 2025-02-13 16:20
VLAI?
Summary
Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.
Severity ?
6.1 (Medium)
CWE
- Stored cross-site scripting (XSS)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/quayle/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0357",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:19:26.415552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:20:19.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Helpy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T00:00:00.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/quayle/"
},
{
"url": "https://github.com/helpyio/helpy/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-0357",
"datePublished": "2023-04-04T00:00:00.000Z",
"dateReserved": "2023-01-17T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:20:19.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20851 (GCVE-0-2018-20851)
Vulnerability from nvd – Published: 2019-07-10 13:38 – Updated: 2024-08-05 12:12
VLAI?
Summary
Helpy before 2.2.0 allows agents to edit admins.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:29.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helpy before 2.2.0 allows agents to edit admins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-10T13:38:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helpy before 2.2.0 allows agents to edit admins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818",
"refsource": "MISC",
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"name": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60",
"refsource": "MISC",
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20851",
"datePublished": "2019-07-10T13:38:04",
"dateReserved": "2019-07-10T00:00:00",
"dateUpdated": "2024-08-05T12:12:29.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18886 (GCVE-0-2018-18886)
Vulnerability from nvd – Published: 2019-06-18 13:08 – Updated: 2024-08-05 11:23
VLAI?
Summary
Helpy v2.1.0 has Stored XSS via the Ticket title.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helpy v2.1.0 has Stored XSS via the Ticket title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T13:08:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/helpyio/helpy"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helpy v2.1.0 has Stored XSS via the Ticket title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/helpyio/helpy",
"refsource": "MISC",
"url": "https://github.com/helpyio/helpy"
},
{
"name": "https://github.com/helpyio/helpy/releases/tag/2.2.0",
"refsource": "CONFIRM",
"url": "https://github.com/helpyio/helpy/releases/tag/2.2.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18886",
"datePublished": "2019-06-18T13:08:35",
"dateReserved": "2018-10-31T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}