Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
62 vulnerabilities found for livehelperchat/livehelperchat by livehelperchat
CVE-2022-1530 (GCVE-0-2022-1530)
Vulnerability from nvd – Published: 2022-04-29 08:50 – Updated: 2024-08-03 00:10
VLAI?
Title
Cross-site Scripting (XSS) in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.99v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.99v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T10:35:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
],
"source": {
"advisory": "8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1530",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.99v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
]
},
"source": {
"advisory": "8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1530",
"datePublished": "2022-04-29T08:50:10.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:02.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0935 (GCVE-0-2022-0935)
Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-08-02 23:47
VLAI?
Title
Host Header injection in password Reset in livehelperchat/livehelperchat
Summary
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
Severity ?
8.8 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.97
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.97",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:21:42.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
],
"source": {
"advisory": "a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"discovery": "EXTERNAL"
},
"title": "Host Header injection in password Reset in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0935",
"STATE": "PUBLIC",
"TITLE": "Host Header injection in password Reset in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.97"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
]
},
"source": {
"advisory": "a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0935",
"datePublished": "2022-04-07T18:21:42.000Z",
"dateReserved": "2022-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1234 (GCVE-0-2022-1234)
Vulnerability from nvd – Published: 2022-04-06 03:10 – Updated: 2024-08-02 23:55
VLAI?
Title
XSS in livehelperchat in livehelperchat/livehelperchat
Summary
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
Severity ?
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.97
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.97",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user\u2019s device."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-06T03:10:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
],
"source": {
"advisory": "0d235252-0882-4053-85c1-b41b94c814d4",
"discovery": "EXTERNAL"
},
"title": "XSS in livehelperchat in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1234",
"STATE": "PUBLIC",
"TITLE": "XSS in livehelperchat in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.97"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user\u2019s device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
]
},
"source": {
"advisory": "0d235252-0882-4053-85c1-b41b94c814d4",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1234",
"datePublished": "2022-04-06T03:10:15.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1235 (GCVE-0-2022-1235)
Vulnerability from nvd – Published: 2022-04-05 06:30 – Updated: 2024-08-02 23:55
VLAI?
Title
Weak secrethash can be brute-forced in livehelperchat/livehelperchat
Summary
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity ?
7.5 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T06:30:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
],
"source": {
"advisory": "92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"discovery": "EXTERNAL"
},
"title": "Weak secrethash can be brute-forced in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1235",
"STATE": "PUBLIC",
"TITLE": "Weak secrethash can be brute-forced in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
]
},
"source": {
"advisory": "92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1235",
"datePublished": "2022-04-05T06:30:15.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1213 (GCVE-0-2022-1213)
Vulnerability from nvd – Published: 2022-04-05 03:45 – Updated: 2024-08-02 23:55
VLAI?
Title
SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat
Summary
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
Severity ?
7.7 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.67v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.67v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T03:45:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
],
"source": {
"advisory": "084387f6-5b9c-4017-baa2-5fcf65b051e1",
"discovery": "EXTERNAL"
},
"title": "SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1213",
"STATE": "PUBLIC",
"TITLE": "SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.67v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
]
},
"source": {
"advisory": "084387f6-5b9c-4017-baa2-5fcf65b051e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1213",
"datePublished": "2022-04-05T03:45:13.000Z",
"dateReserved": "2022-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1176 (GCVE-0-2022-1176)
Vulnerability from nvd – Published: 2022-03-31 10:10 – Updated: 2024-08-02 23:55
VLAI?
Title
Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat
Summary
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity ?
7.5 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T10:10:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
],
"source": {
"advisory": "3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"discovery": "EXTERNAL"
},
"title": "Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1176",
"STATE": "PUBLIC",
"TITLE": "Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
]
},
"source": {
"advisory": "3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1176",
"datePublished": "2022-03-31T10:10:10.000Z",
"dateReserved": "2022-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1191 (GCVE-0-2022-1191)
Vulnerability from nvd – Published: 2022-03-31 08:35 – Updated: 2024-08-02 23:55
VLAI?
Title
SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat
Summary
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity ?
8.7 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T08:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
],
"source": {
"advisory": "7264a2e1-17e7-4244-93e4-49ec14f282b3",
"discovery": "EXTERNAL"
},
"title": "SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1191",
"STATE": "PUBLIC",
"TITLE": "SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
]
},
"source": {
"advisory": "7264a2e1-17e7-4244-93e4-49ec14f282b3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1191",
"datePublished": "2022-03-31T08:35:09.000Z",
"dateReserved": "2022-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0612 (GCVE-0-2022-0612)
Vulnerability from nvd – Published: 2022-02-16 05:40 – Updated: 2024-08-02 23:32
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T05:40:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
],
"source": {
"advisory": "eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0612",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
]
},
"source": {
"advisory": "eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0612",
"datePublished": "2022-02-16T05:40:09.000Z",
"dateReserved": "2022-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0502 (GCVE-0-2022-0502)
Vulnerability from nvd – Published: 2022-02-06 10:50 – Updated: 2024-08-02 23:32
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-06T10:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
],
"source": {
"advisory": "34f2aa30-de7f-432a-8749-b43d2774140f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0502",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
]
},
"source": {
"advisory": "34f2aa30-de7f-432a-8749-b43d2774140f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0502",
"datePublished": "2022-02-06T10:50:10.000Z",
"dateReserved": "2022-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:45.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0395 (GCVE-0-2022-0395)
Vulnerability from nvd – Published: 2022-01-28 21:31 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T21:31:31.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
],
"source": {
"advisory": "36abbd6e-239e-4739-8c77-ba212b946a4a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0395",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
]
},
"source": {
"advisory": "36abbd6e-239e-4739-8c77-ba212b946a4a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0395",
"datePublished": "2022-01-28T21:31:31.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0394 (GCVE-0-2022-0394)
Vulnerability from nvd – Published: 2022-01-28 10:16 – Updated: 2025-06-09 15:00
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:00:44.563411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:00:58.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T10:16:27.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
],
"source": {
"advisory": "e13823d0-271c-448b-a0c5-8549ea7ea272",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0394",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
]
},
"source": {
"advisory": "e13823d0-271c-448b-a0c5-8549ea7ea272",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0394",
"datePublished": "2022-01-28T10:16:27.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:00:58.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0387 (GCVE-0-2022-0387)
Vulnerability from nvd – Published: 2022-01-27 05:20 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:20:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0387",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
]
},
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0387",
"datePublished": "2022-01-27T05:20:09.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0370 (GCVE-0-2022-0370)
Vulnerability from nvd – Published: 2022-01-27 05:55 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:55:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0370",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
]
},
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0370",
"datePublished": "2022-01-27T05:55:09.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0375 (GCVE-0-2022-0375)
Vulnerability from nvd – Published: 2022-01-26 09:30 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T09:30:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
],
"source": {
"advisory": "28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0375",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"name": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
]
},
"source": {
"advisory": "28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0375",
"datePublished": "2022-01-26T09:30:10.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0374 (GCVE-0-2022-0374)
Vulnerability from nvd – Published: 2022-01-26 09:15 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T09:15:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
],
"source": {
"advisory": "f8b560a6-aa19-4262-8ae4-cf88204310ef",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0374",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
]
},
"source": {
"advisory": "f8b560a6-aa19-4262-8ae4-cf88204310ef",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0374",
"datePublished": "2022-01-26T09:15:11.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1530 (GCVE-0-2022-1530)
Vulnerability from cvelistv5 – Published: 2022-04-29 08:50 – Updated: 2024-08-03 00:10
VLAI?
Title
Cross-site Scripting (XSS) in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.99v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.99v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T10:35:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
],
"source": {
"advisory": "8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1530",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.99v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
]
},
"source": {
"advisory": "8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1530",
"datePublished": "2022-04-29T08:50:10.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:02.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0935 (GCVE-0-2022-0935)
Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-08-02 23:47
VLAI?
Title
Host Header injection in password Reset in livehelperchat/livehelperchat
Summary
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
Severity ?
8.8 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.97
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.97",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:21:42.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
],
"source": {
"advisory": "a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"discovery": "EXTERNAL"
},
"title": "Host Header injection in password Reset in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0935",
"STATE": "PUBLIC",
"TITLE": "Host Header injection in password Reset in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.97"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
]
},
"source": {
"advisory": "a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0935",
"datePublished": "2022-04-07T18:21:42.000Z",
"dateReserved": "2022-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1234 (GCVE-0-2022-1234)
Vulnerability from cvelistv5 – Published: 2022-04-06 03:10 – Updated: 2024-08-02 23:55
VLAI?
Title
XSS in livehelperchat in livehelperchat/livehelperchat
Summary
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
Severity ?
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.97
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.97",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user\u2019s device."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-06T03:10:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
],
"source": {
"advisory": "0d235252-0882-4053-85c1-b41b94c814d4",
"discovery": "EXTERNAL"
},
"title": "XSS in livehelperchat in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1234",
"STATE": "PUBLIC",
"TITLE": "XSS in livehelperchat in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.97"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user\u2019s device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
]
},
"source": {
"advisory": "0d235252-0882-4053-85c1-b41b94c814d4",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1234",
"datePublished": "2022-04-06T03:10:15.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1235 (GCVE-0-2022-1235)
Vulnerability from cvelistv5 – Published: 2022-04-05 06:30 – Updated: 2024-08-02 23:55
VLAI?
Title
Weak secrethash can be brute-forced in livehelperchat/livehelperchat
Summary
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity ?
7.5 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T06:30:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
],
"source": {
"advisory": "92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"discovery": "EXTERNAL"
},
"title": "Weak secrethash can be brute-forced in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1235",
"STATE": "PUBLIC",
"TITLE": "Weak secrethash can be brute-forced in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
]
},
"source": {
"advisory": "92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1235",
"datePublished": "2022-04-05T06:30:15.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1213 (GCVE-0-2022-1213)
Vulnerability from cvelistv5 – Published: 2022-04-05 03:45 – Updated: 2024-08-02 23:55
VLAI?
Title
SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat
Summary
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
Severity ?
7.7 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.67v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.67v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T03:45:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
],
"source": {
"advisory": "084387f6-5b9c-4017-baa2-5fcf65b051e1",
"discovery": "EXTERNAL"
},
"title": "SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1213",
"STATE": "PUBLIC",
"TITLE": "SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.67v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
]
},
"source": {
"advisory": "084387f6-5b9c-4017-baa2-5fcf65b051e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1213",
"datePublished": "2022-04-05T03:45:13.000Z",
"dateReserved": "2022-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1176 (GCVE-0-2022-1176)
Vulnerability from cvelistv5 – Published: 2022-03-31 10:10 – Updated: 2024-08-02 23:55
VLAI?
Title
Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat
Summary
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity ?
7.5 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T10:10:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
],
"source": {
"advisory": "3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"discovery": "EXTERNAL"
},
"title": "Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1176",
"STATE": "PUBLIC",
"TITLE": "Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
]
},
"source": {
"advisory": "3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1176",
"datePublished": "2022-03-31T10:10:10.000Z",
"dateReserved": "2022-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1191 (GCVE-0-2022-1191)
Vulnerability from cvelistv5 – Published: 2022-03-31 08:35 – Updated: 2024-08-02 23:55
VLAI?
Title
SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat
Summary
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity ?
8.7 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T08:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
],
"source": {
"advisory": "7264a2e1-17e7-4244-93e4-49ec14f282b3",
"discovery": "EXTERNAL"
},
"title": "SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1191",
"STATE": "PUBLIC",
"TITLE": "SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
]
},
"source": {
"advisory": "7264a2e1-17e7-4244-93e4-49ec14f282b3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1191",
"datePublished": "2022-03-31T08:35:09.000Z",
"dateReserved": "2022-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0612 (GCVE-0-2022-0612)
Vulnerability from cvelistv5 – Published: 2022-02-16 05:40 – Updated: 2024-08-02 23:32
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T05:40:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
],
"source": {
"advisory": "eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0612",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
]
},
"source": {
"advisory": "eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0612",
"datePublished": "2022-02-16T05:40:09.000Z",
"dateReserved": "2022-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0502 (GCVE-0-2022-0502)
Vulnerability from cvelistv5 – Published: 2022-02-06 10:50 – Updated: 2024-08-02 23:32
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-06T10:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
],
"source": {
"advisory": "34f2aa30-de7f-432a-8749-b43d2774140f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0502",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
]
},
"source": {
"advisory": "34f2aa30-de7f-432a-8749-b43d2774140f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0502",
"datePublished": "2022-02-06T10:50:10.000Z",
"dateReserved": "2022-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:45.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0395 (GCVE-0-2022-0395)
Vulnerability from cvelistv5 – Published: 2022-01-28 21:31 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T21:31:31.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
],
"source": {
"advisory": "36abbd6e-239e-4739-8c77-ba212b946a4a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0395",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
]
},
"source": {
"advisory": "36abbd6e-239e-4739-8c77-ba212b946a4a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0395",
"datePublished": "2022-01-28T21:31:31.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0394 (GCVE-0-2022-0394)
Vulnerability from cvelistv5 – Published: 2022-01-28 10:16 – Updated: 2025-06-09 15:00
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:00:44.563411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:00:58.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T10:16:27.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
],
"source": {
"advisory": "e13823d0-271c-448b-a0c5-8549ea7ea272",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0394",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
]
},
"source": {
"advisory": "e13823d0-271c-448b-a0c5-8549ea7ea272",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0394",
"datePublished": "2022-01-28T10:16:27.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:00:58.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0370 (GCVE-0-2022-0370)
Vulnerability from cvelistv5 – Published: 2022-01-27 05:55 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:55:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0370",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
]
},
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0370",
"datePublished": "2022-01-27T05:55:09.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0387 (GCVE-0-2022-0387)
Vulnerability from cvelistv5 – Published: 2022-01-27 05:20 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:20:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0387",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
]
},
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0387",
"datePublished": "2022-01-27T05:20:09.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0375 (GCVE-0-2022-0375)
Vulnerability from cvelistv5 – Published: 2022-01-26 09:30 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T09:30:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
],
"source": {
"advisory": "28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0375",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"name": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
]
},
"source": {
"advisory": "28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0375",
"datePublished": "2022-01-26T09:30:10.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0374 (GCVE-0-2022-0374)
Vulnerability from cvelistv5 – Published: 2022-01-26 09:15 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T09:15:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
],
"source": {
"advisory": "f8b560a6-aa19-4262-8ae4-cf88204310ef",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0374",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
]
},
"source": {
"advisory": "f8b560a6-aa19-4262-8ae4-cf88204310ef",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0374",
"datePublished": "2022-01-26T09:15:11.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}