418 matches found
CVE-2021-4177 Generation of Error Message Containing Sensitive Information in livehelperchat/livehelperchat
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information...
Unspecified vulnerability in livehelperchat
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A security vulnerability exists in livehelperchat that stems from the vulnerability of livehelperchat to input errors when generating web pages. No details of the vulnerability ar...
PT-2021-23399 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: livehelperchat affected versions not specified Description: The issue concerns the generation of error messages that contain sensitive information. This could potentially expose internal details, making it easier for attackers to exploit othe...
PT-2021-23403 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: livehelperchat affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This means that the software does not properly neutralize use...
livehelperchat 跨站脚本漏洞
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site scripting vulnerability exists in livehelperchat, which stems from vulnerability to input errors when generating web pages. No detailed vulnerability details are...
livehelperchat 信息泄露漏洞
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. An information disclosure vulnerability exists in livehelperchat that stems from the product's failure to effectively handle error messages. An attacker could obtain sensitive...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description The livehelperchat is an open source live chat service. In this service, general users can chat 1:1 with administrators. When administrators send XSS PoC to general users, XSS occurs in general users' chat rooms. Since XSS PoC is saved in the chat room, XSS occurs even if you access t...
Cross-site Scripting (XSS) - Stored in livehelperchat/fbmessenger
Description The application does not escape special characters. The $item-bbcode or $item-name variables can lead to stored XSS Proof of Concept Go to Facebook BBCode List https://demo.livehelperchat.com/siteadmin/fbmessenger/newbbcode and add an item with XSS payload into name or bbcode fields,...
Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat
Description The application does not escape special characters, and the $msgPArent or $Result'additionalpostmessage' variables can lead to reflected XSS Proof of Concept https://demo.livehelperchat.com/chat/chatwidgetchat/444/123/theme/1/cstarted/123";;alert'xss';" Impact XSS can have huge...
in livehelperchat/livehelperchat
Description When updating the geolocation detection configuration, we're given the option to specify a file location of a city database file, this can be used to determine if files exist or not. We are not able to see the contents of the file, but we are indeed able to determine if the file exist...
CVE-2021-4169
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4169
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4169
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross site scripting
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4169 Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4169
CVE-2021-4169 affects livehelperchat. The vulnerability is an Improper Neutralization of Input During Web Page Generation (XSS) in livehelperchat. Open sources describe reflected/DOM-based XSS vectors enabling injection via user input, with impact limited to client-side script execution and poten...
PT-2021-23376 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: livehelperchat affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This means that the software does not properly neutralize use...
Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat
Description The htmlspecialchars function does not escape special characters like single quote, and the $prefix parameter can lead to reflected XSS Proof of Concept https://demo.livehelperchat.com/siteadmin/user/avatarbuilder/1?=1640314779051&prefix=123%27;;%20alert%27xss%27;// Impact XSS can hav...
livehelperchat cross-site scripting vulnerability (CNVD-2022-01692)
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site scripting vulnerability exists in livehelperchat that stems from livehelperchat's susceptibility to input mismatches during web page generation "cross-site scripting"...
livehelperchat cross-site request forgery vulnerability (CNVD-2022-01694)
livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site request forgery vulnerability exists in livehelperchat, and no detailed vulnerability details are provided at this time...