BIT-LIVEHELPERCHAT-2022-0394
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v...
BIT-LIVEHELPERCHAT-2022-0502
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v...
BIT-LIVEHELPERCHAT-2022-0612
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v...
BIT-LIVEHELPERCHAT-2022-0935
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97...
BIT-LIVEHELPERCHAT-2022-1176
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96...
BIT-LIVEHELPERCHAT-2022-1191
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96...
BIT-LIVEHELPERCHAT-2022-1213
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191...
BIT-LIVEHELPERCHAT-2022-1234
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...
BIT-LIVEHELPERCHAT-2022-1235
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96...
BIT-LIVEHELPERCHAT-2022-1530
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application...
GHSA-V4CP-2Q7V-HG9Q livehelperchat Server-Side Template Injection
Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php...
CVE-2024-27516
Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php...
SQL injection
livehelperchat 4.28v is vulnerable to Server-Side Template Injection (SSTI)...
CVE-2024-27516
CVE-2024-27516 affects livehelperchat prior to version 4.34. The SSTI exists in the search parameter of lhc_web/modules/lhfaq/faqweight.php, enabling remote code execution and access to sensitive data. Impact is high (as per sources) including arbitrary code execution and data disclosure. Recomme...
PT-2024-21926 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: livehelperchat versions prior to 4.34. Description: A Server-Side Template Injection (SSTI) issue allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php...
livehelperchat cross-site scripting vulnerability (CNVD-2023-86325)
livehelperchat is an open source application that provides free live support on a website through live helper chat. A cross-site scripting (XSS) vulnerability exists in livehelperchat versions prior to 3.99, which can be exploited by an attacker to execute malicious JS scripts on the application...