Lucene search

GoogleOSV:BIT-LIVEHELPERCHAT-2022-1530

HistoryMar 06, 2024 - 10:55 a.m.

BIT-livehelperchat-2022-1530

2024-03-0610:55:16

Google

osv.dev

cross-site scripting

github repository

livehelperchat

javascript

application

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

JSON

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.

CPENameOperatorVersion
livehelperchatlt3.99.0

CPE	Name	Operator	Version
	livehelperchat	lt	3.99.0

References

github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc

huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for OSV:BIT-LIVEHELPERCHAT-2022-1530