CVE-2026-40230

· NIST NVD ↗

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0.

MEDIUM
CVSS severity
5.4
CVSS base score
2026-04-29
Published

CWE codes

CWE-79

Affected products

helpy.io:helpy

Sources