
4 matches found

OSV
added 2022/01/28 11:6 p.m. | 15 views

GHSA-W4HP-PCP8-QHF3 Cross-site Scripting in livehelperchat

Stored XSS is found in Settings -> Live help configuration -> Departments -> Departments groups -> edit. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname, the payload gets executed...

CVSS 5.4 | AI score 5.1 | EPSS 0.00634
Exploits: 1 | References: 4
Github Security Blog
added 2022/01/28 11:6 p.m. | 42 views

Cross-site Scripting in livehelperchat

Stored XSS is found in Settings -> Live help configuration -> Personal Theme -> static content. Under the NAME field put a payload constructor.constructor'alert1' while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed...

CVSS 7.1 | AI score 1.1 | EPSS 0.00766
Exploits: 1 | References: 4 | Affected Software: 1
Huntr
added 2022/01/27 2:45 a.m. | 12 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description: Stored XSS is found in Settings -> Live help configuration -> Departments -> Departments groups -> edit. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname, the payload gets executed. Proof of...

CVSS 3.5 | EPSS 0.00634
Exploits: 1 | References: 1
Huntr
added 2022/01/14 12:7 p.m. | 17 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description: A CSRF issue is found in Settings -> Live help configuration -> Canned Messages. It was found that no CSRF token validation is getting done as no CSRF token is getting passed with the request. Also while generating statistics, the action is done through GET method with no CSRF token. Two...

CVSS 4.3 | AI score 4.7 | EPSS 0.00439
Exploits: 1