Search criteria
12 vulnerabilities found for livehelperchat by LiveHelperChat
CVE-2026-27954 (GCVE-0-2026-27954)
Vulnerability from nvd – Published: 2026-02-26 01:42 – Updated: 2026-02-26 19:30
VLAI?
Title
LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints
Summary
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assigned to. Operators with the relevant role permissions (holduse, allowblockusers, allowtransfer) can hold, block users from, or transfer chats in departments they are not assigned to. This is a horizontal privilege escalation within one organization. As of time of publication, no known patched versions are available.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LiveHelperChat | livehelperchat |
Affected:
<= 4.52
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:30:11.251760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:30:20.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat",
"vendor": "LiveHelperChat",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assigned to. Operators with the relevant role permissions (holduse, allowblockusers, allowtransfer) can hold, block users from, or transfer chats in departments they are not assigned to. This is a horizontal privilege escalation within one organization. As of time of publication, no known patched versions are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:42:38.225Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-87wc-2p86-h3w7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-87wc-2p86-h3w7"
}
],
"source": {
"advisory": "GHSA-87wc-2p86-h3w7",
"discovery": "UNKNOWN"
},
"title": "LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27954",
"datePublished": "2026-02-26T01:42:38.225Z",
"dateReserved": "2026-02-25T03:11:36.691Z",
"dateUpdated": "2026-02-26T19:30:20.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0483 (GCVE-0-2026-0483)
Vulnerability from nvd – Published: 2026-01-28 11:43 – Updated: 2026-01-28 15:47
VLAI?
Title
Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat
Summary
Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user's local context.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LiveHelperChat | LiveHelperChat |
Affected:
0 , < 4.72
(custom)
|
Credits
Miguel Jimenez Camara
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T15:47:00.465875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T15:47:13.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LiveHelperChat",
"vendor": "LiveHelperChat",
"versions": [
{
"lessThan": "4.72",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:livehelperchat:livehelperchat:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.72",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Miguel Jimenez Camara"
}
],
"datePublic": "2026-01-26T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user\u0027s context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user\u0027s local context."
}
],
"value": "Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user\u0027s context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user\u0027s local context."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T11:43:42.484Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-vulnerability-livehelperchat"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed in the 4.72 version."
}
],
"value": "The vulnerability has been fixed in the 4.72 version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-0483",
"datePublished": "2026-01-28T11:43:42.484Z",
"dateReserved": "2025-12-09T12:06:56.261Z",
"dateUpdated": "2026-01-28T15:47:13.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0387 (GCVE-0-2022-0387)
Vulnerability from nvd – Published: 2022-01-27 05:20 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:20:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0387",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
]
},
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0387",
"datePublished": "2022-01-27T05:20:09.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0370 (GCVE-0-2022-0370)
Vulnerability from nvd – Published: 2022-01-27 05:55 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:55:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0370",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
]
},
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0370",
"datePublished": "2022-01-27T05:55:09.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0245 (GCVE-0-2022-0245)
Vulnerability from nvd – Published: 2022-01-18 05:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.
Severity ?
5.7 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T05:15:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
],
"source": {
"advisory": "6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0245",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
]
},
"source": {
"advisory": "6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0245",
"datePublished": "2022-01-18T05:15:10.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0253 (GCVE-0-2022-0253)
Vulnerability from nvd – Published: 2022-01-17 13:15 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , ≤ 3.91
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThanOrEqual": "3.91",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T13:15:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
],
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0253",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.91"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
]
},
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0253",
"datePublished": "2022-01-17T13:15:09.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-27954 (GCVE-0-2026-27954)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:42 – Updated: 2026-02-26 19:30
VLAI?
Title
LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints
Summary
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assigned to. Operators with the relevant role permissions (holduse, allowblockusers, allowtransfer) can hold, block users from, or transfer chats in departments they are not assigned to. This is a horizontal privilege escalation within one organization. As of time of publication, no known patched versions are available.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LiveHelperChat | livehelperchat |
Affected:
<= 4.52
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:30:11.251760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:30:20.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat",
"vendor": "LiveHelperChat",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assigned to. Operators with the relevant role permissions (holduse, allowblockusers, allowtransfer) can hold, block users from, or transfer chats in departments they are not assigned to. This is a horizontal privilege escalation within one organization. As of time of publication, no known patched versions are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:42:38.225Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-87wc-2p86-h3w7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-87wc-2p86-h3w7"
}
],
"source": {
"advisory": "GHSA-87wc-2p86-h3w7",
"discovery": "UNKNOWN"
},
"title": "LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27954",
"datePublished": "2026-02-26T01:42:38.225Z",
"dateReserved": "2026-02-25T03:11:36.691Z",
"dateUpdated": "2026-02-26T19:30:20.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0483 (GCVE-0-2026-0483)
Vulnerability from cvelistv5 – Published: 2026-01-28 11:43 – Updated: 2026-01-28 15:47
VLAI?
Title
Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat
Summary
Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user's local context.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LiveHelperChat | LiveHelperChat |
Affected:
0 , < 4.72
(custom)
|
Credits
Miguel Jimenez Camara
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T15:47:00.465875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T15:47:13.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LiveHelperChat",
"vendor": "LiveHelperChat",
"versions": [
{
"lessThan": "4.72",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:livehelperchat:livehelperchat:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.72",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Miguel Jimenez Camara"
}
],
"datePublic": "2026-01-26T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user\u0027s context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user\u0027s local context."
}
],
"value": "Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user\u0027s context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user\u0027s local context."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T11:43:42.484Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-vulnerability-livehelperchat"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed in the 4.72 version."
}
],
"value": "The vulnerability has been fixed in the 4.72 version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-0483",
"datePublished": "2026-01-28T11:43:42.484Z",
"dateReserved": "2025-12-09T12:06:56.261Z",
"dateUpdated": "2026-01-28T15:47:13.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0370 (GCVE-0-2022-0370)
Vulnerability from cvelistv5 – Published: 2022-01-27 05:55 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:55:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0370",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
]
},
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0370",
"datePublished": "2022-01-27T05:55:09.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0387 (GCVE-0-2022-0387)
Vulnerability from cvelistv5 – Published: 2022-01-27 05:20 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:20:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0387",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
]
},
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0387",
"datePublished": "2022-01-27T05:20:09.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0245 (GCVE-0-2022-0245)
Vulnerability from cvelistv5 – Published: 2022-01-18 05:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.
Severity ?
5.7 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T05:15:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
],
"source": {
"advisory": "6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0245",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
]
},
"source": {
"advisory": "6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0245",
"datePublished": "2022-01-18T05:15:10.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0253 (GCVE-0-2022-0253)
Vulnerability from cvelistv5 – Published: 2022-01-17 13:15 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , ≤ 3.91
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThanOrEqual": "3.91",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T13:15:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
],
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0253",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.91"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
]
},
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0253",
"datePublished": "2022-01-17T13:15:09.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}