CVE-2026-27954
- EPSS 0.03%
- Veröffentlicht 26.02.2026 01:42:38
- Zuletzt bearbeitet 28.02.2026 00:56:08
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhc...
CVE-2026-0483
- EPSS 0.06%
- Veröffentlicht 28.01.2026 11:43:42
- Zuletzt bearbeitet 29.01.2026 16:31:35
Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when...
CVE-2024-27516
- EPSS 2.46%
- Veröffentlicht 29.02.2024 01:44:20
- Zuletzt bearbeitet 30.04.2025 16:53:33
Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.
CVE-2022-0370
- EPSS 0.29%
- Veröffentlicht 27.01.2022 06:15:07
- Zuletzt bearbeitet 21.11.2024 06:38:28
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0387
- EPSS 0.28%
- Veröffentlicht 27.01.2022 06:15:07
- Zuletzt bearbeitet 21.11.2024 06:38:30
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0245
- EPSS 0.11%
- Veröffentlicht 18.01.2022 06:15:06
- Zuletzt bearbeitet 21.11.2024 06:38:13
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.
CVE-2022-0253
- EPSS 0.29%
- Veröffentlicht 17.01.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:38:14
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')