huntr | Khanhchauminh | 36ABBD6E-239E-4739-8C77-BA212B946A4A
Jan 27, 2022 - 2:06 p.m.

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

2022-01-27 14:06:54
khanhchauminh
www.huntr.dev
6
cross-site scripting
stored xss
livehelperchat

EPSS

0.001

Percentile

21.4%

Description

LiveHelperChat is vulnerable to Stored XSS in the Name and Surname fields on the User account page.

Payload

{{constructor.constructor('alert(1)')()}}

Steps to reproduce

1. Log in, then go to the User account page (https://demo.livehelperchat.com/site_admin/user/account).
2. In the Name and Surname fields, input the payload {{constructor.constructor('alert(1)')()}}
3. Click the Update button; the XSS popup is displayed. The popup is also displayed when you go to the dashboard.

Impact

This vulnerability can be used to deface websites, compromise user accounts, and run malicious code on web pages, which can lead to a compromise of the user's device.
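An added example, not part of the original report or LiveHelperChat's code: the payload above uses AngularJS `{{ }}` expression syntax, so assuming the stored name is echoed into a page that AngularJS compiles, HTML entity encoding alone leaves it live, while an `ng-non-bindable` wrapper stops the interpolation. All function names are hypothetical.

```javascript
// Added example; function names are hypothetical, not LiveHelperChat code.
// Assumption: the stored Name/Surname is echoed into HTML that AngularJS compiles.

// Constructed sample input: the payload quoted in the report.
const PAYLOAD = "{{constructor.constructor('alert(1)')()}}";

// Standard HTML entity encoding, the usual defence against markup-based XSS.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// True when the text still holds an AngularJS interpolation pair.
function hasInterpolation(text) {
  return /\{\{[\s\S]*?\}\}/.test(text);
}

// Before: entity encoding only. The braces pass through untouched, and
// encoding them as entities would not help either, because AngularJS reads
// the already-decoded DOM text when it compiles the page.
function renderNameEscapedOnly(name) {
  return '<span>' + escapeHtml(name) + '</span>';
}

// After: the same encoding inside an element marked ng-non-bindable, which
// tells AngularJS not to compile or interpolate that element's contents.
// escapeHtml() stays in place so the value cannot close the wrapper early.
function renderNameNonBindable(name) {
  return '<span ng-non-bindable>' + escapeHtml(name) + '</span>';
}

// Review helper for fragments produced by the two renderers above:
// exposed means interpolation markers are present with no wrapper.
function isExposed(fragment) {
  return hasInterpolation(fragment) && !/^<[a-z]+ ng-non-bindable>/.test(fragment);
}

console.log('escaped only, exposed:', isExposed(renderNameEscapedOnly(PAYLOAD)));
console.log('non-bindable, exposed:', isExposed(renderNameNonBindable(PAYLOAD)));
```

The wrapper covers text content; a value echoed into an attribute such as an input's `value` needs `ng-non-bindable` on that element itself.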
