18 matches found
CVE-2022-0612
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-1530
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.
CVE-2022-0374
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0375
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2020-26134
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.
CVE-2022-0395
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0266
Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
CVE-2022-0231
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2022-0502
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2021-4050
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4123
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4049
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4169
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-1000059
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.
CVE-2021-4176
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4175
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26135
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.
CVE-2021-4179
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')