Cross-site Scripting in livehelperchat

🗓️ 28 Jan 2022 23:32:06Reported by GitHub Advisory DatabaseType

Cross-site Scripting in livehelperchat. Stored XSS in Settings>Live help configuration>Departments->Departments groups->edit. User creates new webhook with payload, executed at user edit groupname

Reporter	Title	Published	Views	Family All 7
Huntr	Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat	27 Jan 202202:45	–	huntr
OSV	Cross-site Scripting in livehelperchat	28 Jan 202223:06	–	osv
OSV	CVE-2022-0387	27 Jan 202206:15	–	osv
NVD	CVE-2022-0387	27 Jan 202206:15	–	nvd
CVE	CVE-2022-0387	27 Jan 202206:15	–	cve
Prion	Cross site scripting	27 Jan 202206:15	–	prion
Cvelist	CVE-2022-0387 Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat	27 Jan 202205:20	–	cvelist

Vulners

Node

remdex livehelperchatRange<3.93

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-0387
github	www.github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444
huntr	www.huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98
github	www.github.com/advisories/GHSA-w4hp-pcp8-qhf3

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Jan 2022 23:06Current

CVSS23.5

CVSS35.4 - 6.3

EPSS0.00267

CWE-79