Livehelperchat is vulnerable to stored cross site scripting.
1 . Login to the demo account
2 . Go to settings –> Live help configuration –>Visual settings for the visitor –> widget theme –>new –> name field
3 . Add payload in name field and click save
4 . Go to setting –>embed code –> questionary embed code –> click page embed code alert will trigger.
payload {{constructor.constructor(‘alert(1)’)()}}
This vulnerability is capable of stolen the user cookie