142 matches found
CVE-2026-44633
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
CVE-2026-44633
Live Helper Chat 4.84v REST API chat update endpoint is vulnerable: a REST user with lhchat/use can update a chat in a department they cannot read, accepting arbitrary chat object fields to alter hash and status and potentially tamper via visitor/widget paths. The same write primitive can set ope...
CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
PT-2026-41019
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
Live Helper Chat 安全漏洞
Live Helper Chat is an open-source plugin developed by Live Helper Chat developers, designed to provide chat functionality for web platforms. Version 4.84 of Live Helper Chat contains a security vulnerability. This vulnerability stems from the REST API chat update endpoint, which allows users to...
CVE-2026-27954
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2026-27954
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2026-27954
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2026-27954
Live Helper Chat is affected up to version 4.52. The flaw arises in three chat action endpoints (holdaction.php, blockuser.php, transferchat.php) which load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead(), enabling operators with holduse, allowblockusers, or allowtransfer ...
EUVD-2026-8815
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2026-27954 LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2026-27954 LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
Live Helper Chat 安全漏洞
Live Helper Chat is an open-source plugin for personal developers that provides chat functionality for web platforms. Versions of Live Helper Chat 4.52 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of checks for access permissions when loading chat objects...
PT-2026-22103
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2026-0483
Stored Cross-Site Scripting XSS vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link...
CVE-2026-0483
Stored Cross-Site Scripting XSS vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link...
EUVD-2026-4895
Stored Cross-Site Scripting XSS vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link...
CVE-2026-0483
CVE-2026-0483 is a stored XSS in Live Helper Chat’s PDF file upload for versions before 4.72. An attacker can upload a malicious PDF containing an XSS payload; when a user downloads and opens the file via the app’s link, arbitrary JavaScript executes in the user’s context. Public sources (PT Secu...
CVE-2026-0483
Stored Cross-Site Scripting XSS vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link...