Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrX3rz7EB80E7C-BB7A-478D-9760-0EA2FA9DC0C2
HistoryDec 17, 2021 - 4:39 a.m.

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

2021-12-1704:39:19
x3rz
www.huntr.dev
7
cross-site scripting
stored xss
livehelperchat
user profile
multi-user functionality
bug bounty

EPSS

0.001

Percentile

21.4%

JSON

Description

livehelperchat is vulnerable to stored XSS in users profile setting where username, password, repeat password, nickname, name, surname, job title fields are vulnerable to stored XSS.

Proof of Concept

{{ this.constructor.constructor('alert("foo")')() }}

Enter the given payload in the above-mentioned fields.

Impact

stored XSS in the mentioned field as the application provides multi-user functionality.

Related

osv 3
github 1
veracode 1
prion 1
cnvd 1
nvd 1
cvelist 1
cve 1
osv
osv
livehelperchat is vulnerable to Cross-site Scripting
2022-01-05 20:33:47
BIT-livehelperchat-2021-4132
2024-03-06 10:59:01
CVE-2021-4132
2021-12-17 13:15:07
github
github
livehelperchat is vulnerable to Cross-site Scripting
2022-01-05 20:33:47
veracode
veracode
Cross-Site Scripting (XSS)
2021-12-20 04:18:27
prion
prion
Cross site scripting
2021-12-17 13:15:00
cnvd
cnvd
livehelperchat Cross-Site Scripting Vulnerability (CNVD-2022-01692)
2021-12-21 00:00:00
nvd
nvd
CVE-2021-4132
2021-12-17 13:15:07
cvelist
cvelist
CVE-2021-4132 Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
2021-12-17 12:45:09
cve
cve
CVE-2021-4132
2021-12-17 13:15:07

EPSS

0.001

Percentile

21.4%

JSON
Related for 7EB80E7C-BB7A-478D-9760-0EA2FA9DC0C2
osv3github1veracode1prion1cnvd1nvd1cvelist1cve1