12 matches found
CVE-2022-1234
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...
BIT-LIVEHELPERCHAT-2022-1234
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
Incident response IR is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability ...
CVE-2022-1234
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...
CVE-2022-1234
CVE-2022-1234 is an XSS vulnerability affecting the LiveHelperChat project (livehelperchat/livehelperchat) prior to version 3.97. The issue is exposed in the GitHub repository and can be triggered by improper handling of input, potentially allowing an attacker to deface a website, hijack user acc...
Cross-site Scripting (XSS)
remdex/livehelperchat is vulnerable to cross-site scripting. The library has stored XSS at customercompanynameValueParam field in the Chat configuration page allowing an attacker to inject and execute malicious javascript on user's browser, resulting in compromised user accounts...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to Setting - Live help configuration tab 2.Click on Admin themes in Visual settings for the admin sectio...
Cross-site Scripting (XSS) - Stored in convos-chat/convos
Description I found a way to bypass the Stored XSS via uploading File with format .svg when chatting in private conversation. Since you have filtered the content of the svg file as below: state $RULES = svg = qr Steps to Reproduce 1.After login, go to any private conversation. 2.In the chat bar,...
Cross-site Scripting (XSS) - Stored in convos-chat/convos
Description Stored XSS via upload File with format .svg when chatting in private conversation. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description Stored XSS via upload Photo avatar with format .svg in Account data. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg va...
GLSA-201707-03 : phpMyAdmin: Security bypass
The remote host is affected by the vulnerability described in GLSA-201707-03 phpMyAdmin: Security bypass A vulnerability was discovered where the restrictions caused by $cfgServers$iAllowNoPassword = false are bypassed under certain PHP versions. This can lead compromised user accounts, who have ...
CVE-2016-4428
A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description, triggering...