418 matches found
Cross site scripting
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2022-0253
The CVE-2022-0253 entry concerns livehelperchat and is confirmed to have a Cross-site Scripting (Stored XSS) vulnerability due to improper neutralization during page generation. The connected documents specify the affected component as livehelperchat, with the XSS being stored via the Settings>...
CVE-2022-0253 Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2022-0253 Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
in livehelperchat/livehelperchat
Description LiveHelperChat is vulnerable to Insecure Direct Object Reference / IDOR vulnerability. The system's authorization functionality does not prevent one user from deleting another user by modifying the userid identifying the user. Each user has a userid 1,2,3,.... A malicious authorized...
Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to cross-site request forgery. The server is unable to verify the authenticity of web requests due to a lack of anti-CSRF protection mechanism in the REST API, allowing an attacker to submit requests on behalf of the user, and potentially obtain credentials via the...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description Stored XSS is found in SettingsLive help configurationIncoming Webhooks. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, and every time the user visits, the payload gets executed. Proof of Concept...
livehelperchat 跨站脚本漏洞
livehelperchat is available via Live Helper Chat, which provides free live support on the website. livehelperchat suffers from a cross-site scripting vulnerability that stems from livehelperchat being vulnerable to incorrect neutralization during page generation. No detailed vulnerability details...
livehelperchat cross-site request forgery vulnerability (CNVD-2022-08039)
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site request forgery vulnerability exists in livehelperchat, which stems from a WEB application that does not adequately validate whether a request is coming from a truste...
CVE-2022-0226
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
Cross site request forgery (csrf)
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2022-0226
CVE-2022-0226 affects livehelperchat with CSRF vulnerability. Multiple sources (OSV, GHSA, CVE listing) confirm CSRF in livehelperchat, noting that in at least one advisory the server-side CSRF token validation is missing in audit configuration, allowing actions if the token field is empty. Affec...
CVE-2022-0226 Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2022-0226 Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2022-0231
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
Cross site request forgery (csrf)
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2022-0231 Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2022-0231
CSRF vulnerability in livehelperchat (CVE-2022-0231) is documented across multiple sources. The issue arises in the admin file configuration endpoint (/site_admin/file/configuration), where requests can be forged due to missing CSRF token validation. A successful exploit can allow an attacker to ...
CVE-2022-0231 Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
livehelperchat is vulnerable to Cross-Site Request Forgery CSRF...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Description A CSRF issue is found in the SettingsLive help configurationFile Configuration. It was found that no CSRF token validation is getting done as no CSRF token is getting passed with the request. Proof of Concept Actual Request POST /siteadmin/file/configuration HTTP/1.1 Host:...