Lucene search

GitHub Advisory DatabaseGHSA-9HGC-WPC5-V8P9

HistoryApr 30, 2022 - 12:00 a.m.

An attacker can execute malicious javascript in Live Helper Chat

2022-04-3000:00:37

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.2%

JSON

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious javascript on application.

Affected configurations

Vulners

Node

remdexlivehelperchatRange<3.99

CPENameOperatorVersion
remdex/livehelperchatlt3.99

CPE	Name	Operator	Version
	remdex/livehelperchat	lt	3.99

References

github.com/advisories/GHSA-9hgc-wpc5-v8p9

github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc

huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6

nvd.nist.gov/vuln/detail/CVE-2022-1530

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for GHSA-9HGC-WPC5-V8P9