Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrAsura-nE13823D0-271C-448B-A0C5-8549EA7EA272
HistoryJan 27, 2022 - 3:42 p.m.

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

2022-01-2715:42:54
asura-n
www.huntr.dev
10
cross-site scripting
livehelperchat
stored
vulnerability
user cookie
impact

EPSS

0.001

Percentile

21.4%

JSON

Description

Livehelperchat is vulnerable to stored cross site scripting.

Proof of Concept

1 . Login to the demo account

2 . Go to settings –> Live help configuration –>Visual settings for the visitor –> widget theme –>new –> name field

3 . Add payload in name field and click save

4 . Go to setting –>embed code –> questionary embed code –> click page embed code alert will trigger.

payload {{constructor.constructor(‘alert(1)’)()}}

Impact

This vulnerability is capable of stolen the user cookie

Related

cve 1
prion 1
osv 3
cvelist 1
github 1
veracode 1
nvd 1
cve
cve
CVE-2022-0394
2022-01-28 11:15:08
prion
prion
Cross site scripting
2022-01-28 11:15:00
osv
osv
CVE-2022-0394
2022-01-28 11:15:08
BIT-livehelperchat-2022-0394
2024-03-06 10:56:57
Cross-site Scripting in LiveHelperChat
2022-02-01 00:49:48
cvelist
cvelist
CVE-2022-0394 Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
2022-01-28 10:16:27
github
github
Cross-site Scripting in LiveHelperChat
2022-02-01 00:49:48
veracode
veracode
Cross-site Scripting (XSS)
2022-01-31 14:15:35
nvd
nvd
CVE-2022-0394
2022-01-28 11:15:08

EPSS

0.001

Percentile

21.4%

JSON
Related for E13823D0-271C-448B-A0C5-8549EA7EA272
cve1prion1osv3cvelist1github1veracode1nvd1