huntr report 28E1C356-6EAA-4D93-AF56-938E3B4D40A7
History: Jan 26, 2022 - 7:57 a.m.

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

2022-01-26 07:57:27
khanhchauminh
www.huntr.dev

EPSS: 0.001 (Low), percentile 21.6%

Description

LiveHelperChat is vulnerable to Stored XSS via the Name field of the Admin themes page under System configuration: the stored name is rendered inside AngularJS-compiled markup, so an interpolation expression saved as the name is evaluated when the theme is later opened.

Payload

{{constructor.constructor('alert(1)')()}}

Steps to reproduce

1. Login, then go to Setting -> Live help configuration tab
2. Click on Admin themes in Visual settings for the admin section
3. Click the New button and input the payload {{constructor.constructor('alert(1)')()}} in the Name field
4. Click the Save button, then go to that theme by clicking on the theme name in the list
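The root cause is untrusted text reaching a region that AngularJS compiles, so `{{ ... }}` in a saved theme name is interpreted as a template expression rather than shown literally. The following is an added defensive example, not LiveHelperChat's own code: it assumes the theme name is stored server-side and later inserted into AngularJS-bound markup, and it shows an allow-list check for the Name field, a detection helper for auditing already-stored names, and an output-encoding step that HTML-escapes the value and wraps it in the real AngularJS `ng-non-bindable` directive so the subtree is never interpolated. The `{id, name}` row shape and the function names are this example's assumptions.

```javascript
// Added defensive example; not LiveHelperChat code. It assumes the theme
// "Name" is stored server-side and later rendered inside markup that
// AngularJS compiles, so a bare "{{ ... }}" in the value would be evaluated
// as a template expression. Two layers are shown: reject names that are
// not plain display text, and render any name so AngularJS never
// interpolates it.

// Allow-list for a theme display name: Unicode letters/digits, space,
// underscore, dot and hyphen, 1..64 characters. Braces, quotes and angle
// brackets are never needed in a theme name, so they are rejected outright.
const THEME_NAME_RE = /^[\p{L}\p{N} _.-]{1,64}$/u;

function isValidThemeName(name) {
  return typeof name === 'string' && THEME_NAME_RE.test(name);
}

// Detection: does a stored value contain an AngularJS interpolation marker?
// Useful for auditing rows that were saved before validation was added.
const INTERPOLATION_RE = /\{\{[\s\S]*?\}\}/;

function containsAngularInterpolation(value) {
  return typeof value === 'string' && INTERPOLATION_RE.test(value);
}

// Minimal HTML entity escaping for text nodes and attribute values.
function escapeHtml(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Output encoding for the theme list: HTML-escape the name (stops classic
// markup injection) and wrap it in ng-non-bindable so AngularJS leaves the
// subtree uncompiled (stops template-expression injection). ng-non-bindable
// is a real AngularJS directive; the span wrapper is this example's choice.
function renderThemeName(name) {
  return '<span ng-non-bindable>' + escapeHtml(name) + '</span>';
}

// Audit helper: return ids of stored themes whose name looks like a template
// expression or otherwise fails the allow-list. `rows` is whatever the
// application's storage returns; the shape {id, name} is assumed here.
function findSuspiciousThemes(rows) {
  return rows
    .filter((row) => containsAngularInterpolation(row.name) || !isValidThemeName(row.name))
    .map((row) => row.id);
}

// Constructed sample data, including the payload quoted in the report.
const SAMPLE_THEMES = [
  { id: 1, name: 'Dark blue' },
  { id: 2, name: "{{constructor.constructor('alert(1)')()}}" },
  { id: 3, name: 'Support-2022' },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('suspicious theme ids:', findSuspiciousThemes(SAMPLE_THEMES));
  console.log(renderThemeName(SAMPLE_THEMES[1].name));
}
```

Validation on write is the primary fix; the `ng-non-bindable` wrapper is defence in depth for names that were stored before validation existed, and `findSuspiciousThemes` gives operators a way to locate such rows.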

Impact

This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.

