Lucene search
Shubh123-triF8B560A6-AA19-4262-8AE4-CF88204310EFHistoryJan 26, 2022 - 7:20 a.m.
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
2022-01-2607:20:05
shubh123-tri
www.huntr.dev
8
cross-site scripting
stored xss
livehelperchat
forms
payload
vulnerability
EPSS
0.001
Percentile
21.4%
Description
Stored XSS is found in Module>Forms>List of forms>New.
Use payload {{constructor.constructor(‘alert(1)’)()}} while creating form, and you will see that the input gets stored, and every time the user visits, the payload gets executed.
Proof of Concept
Impact
Through this vulnerability, an attacker is capable to execute malicious scripts.
Related
cvelist
cvelist
veracode
veracode
Cross-site Scripting (XSS)
2022-01-27 05:10:07
cnvd
cnvd
livehelperchat Cross-Site Scripting Vulnerability (CNVD-2022-08146)
2022-01-28 00:00:00
github
github
Cross-site Scripting in livehelperchat
2022-01-28 23:06:12
osv
osv
BIT-livehelperchat-2022-0374
2024-03-06 10:57:18
CVE-2022-0374
2022-01-26 10:15:07
Cross-site Scripting in livehelperchat
2022-01-28 23:06:12
cve
cve
CVE-2022-0374
2022-01-26 10:15:07
nvd
nvd
CVE-2022-0374
2022-01-26 10:15:07
prion
prion
Cross site scripting
2022-01-26 10:15:00