Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:50 p.m.6 views

CVE-2022-1234

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...

8.8CVSS6.1AI score0.00715EPSS
Exploits1References1
OSV
OSV
added 2024/03/06 10:55 a.m.14 views

BIT-LIVEHELPERCHAT-2022-1234

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...

8.8CVSS6.1AI score0.00715EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/02/12 10:0 a.m.30 views

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Incident response IR is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability ...

7.4AI score
Exploits0
NVD
NVD
added 2022/04/06 4:15 a.m.28 views

CVE-2022-1234

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...

8.8CVSS0.00715EPSS
Exploits1References2
CVE
CVE
added 2022/04/06 3:10 a.m.116 views

CVE-2022-1234

CVE-2022-1234 is an XSS vulnerability affecting the LiveHelperChat project (livehelperchat/livehelperchat) prior to version 3.97. The issue is exposed in the GitHub repository and can be triggered by improper handling of input, potentially allowing an attacker to deface a website, hijack user acc...

8.8CVSS6.4AI score0.00715EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2022/02/21 7:29 a.m.20 views

Cross-site Scripting (XSS)

remdex/livehelperchat is vulnerable to cross-site scripting. The library has stored XSS at customercompanynameValueParam field in the Chat configuration page allowing an attacker to inject and execute malicious javascript on user's browser, resulting in compromised user accounts...

5.4CVSS2.9AI score0.00607EPSS
Exploits1References3Affected Software1
Huntr
Huntr
added 2022/01/26 7:57 a.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to Setting - Live help configuration tab 2.Click on Admin themes in Visual settings for the admin sectio...

3.5CVSS0.2AI score0.007EPSS
Exploits1
Huntr
Huntr
added 2021/12/30 9:35 a.m.14 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description I found a way to bypass the Stored XSS via uploading File with format .svg when chatting in private conversation. Since you have filtered the content of the svg file as below: state $RULES = svg = qr Steps to Reproduce 1.After login, go to any private conversation. 2.In the chat bar,...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/14 2:55 a.m.9 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description Stored XSS via upload File with format .svg when chatting in private conversation. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/02 9:15 a.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS via upload Photo avatar with format .svg in Account data. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg va...

4.3CVSS0.4AI score0.0085EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2017/07/10 12:0 a.m.32 views

GLSA-201707-03 : phpMyAdmin: Security bypass

The remote host is affected by the vulnerability described in GLSA-201707-03 phpMyAdmin: Security bypass A vulnerability was discovered where the restrictions caused by $cfgServers$iAllowNoPassword = false are bypassed under certain PHP versions. This can lead compromised user accounts, who have ...

5.7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2016/06/17 10:48 p.m.25 views

CVE-2016-4428

A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description, triggering...

5.4CVSS1AI score0.02068EPSS
Exploits0References1
Rows per page
Query Builder