CVE-2022-1234 XSS in livehelperchat in livehelperchat/livehelperchat

2022-04-0603:10:15

CWE-79

@huntrdev

www.cve.org

xss

livehelperchat

github

vulnerability

compromise

user accounts

web pages

device

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.0%

JSON

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.

CNA Affected

[
  {
    "product": "livehelperchat/livehelperchat",
    "vendor": "livehelperchat",
    "versions": [
      {
        "lessThan": "3.97",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]