Live Helper Chat Security Vulnerabilities
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.
6.1CVSS
6.2AI Score
0.001EPSS
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.
6.1CVSS
5.9AI Score
0.001EPSS
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.
6.1CVSS
5.9AI Score
0.001EPSS
6.5CVSS
6.4AI Score
0.001EPSS
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1CVSS
6.1AI Score
0.001EPSS
6.5CVSS
6.4AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5.4CVSS
5.3AI Score
0.001EPSS
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1CVSS
6.1AI Score
0.001EPSS
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5.4CVSS
5.4AI Score
0.001EPSS
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1CVSS
6.2AI Score
0.001EPSS
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
5.3CVSS
5.1AI Score
0.001EPSS
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5.4CVSS
5.4AI Score
0.001EPSS
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
5.3CVSS
5.1AI Score
0.001EPSS
4.3CVSS
4.5AI Score
0.001EPSS
6.5CVSS
6.4AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
6.6CVSS
6.2AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
4.8CVSS
4.7AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4CVSS
5.1AI Score
0.001EPSS
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
8.8CVSS
8.9AI Score
0.002EPSS
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
7.5CVSS
7.5AI Score
0.001EPSS
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
8.1CVSS
7.9AI Score
0.001EPSS
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
8.1CVSS
7.9AI Score
0.001EPSS
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
6.1CVSS
6.1AI Score
0.001EPSS
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
8.2CVSS
8.1AI Score
0.001EPSS
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.
6.1CVSS
6AI Score
0.001EPSS