CVE-2026-40230 – Helpy 2.8.0 – Stored XSS in knowledgebase Doc body rendering

CVE ID :CVE-2026-40230

Published : April 29, 2026, 4:16 p.m. | 2 hours, 1 minute ago

Description :Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…