Livehelperchat

Live Helper Chat

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-27954

  • EPSS 0.03%
  • Veröffentlicht 26.02.2026 01:42:38
  • Zuletzt bearbeitet 28.02.2026 00:56:08

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhc...

6.5

CVE-2025-51403

Exploit
  • EPSS 0.25%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 01:27:28

A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.

5.4

CVE-2025-51401

Exploit
  • EPSS 0.18%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 01:25:50

A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.

5.4

CVE-2025-51400

Exploit
  • EPSS 0.18%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 01:24:26

A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

5.4

CVE-2025-51398

Exploit
  • EPSS 0.18%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 01:30:15

A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

5.4

CVE-2025-51397

Exploit
  • EPSS 0.26%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 01:23:37

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

5.4

CVE-2025-51396

Exploit
  • EPSS 0.18%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 01:22:52

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.

9.8

CVE-2024-27516

  • EPSS 2.46%
  • Veröffentlicht 29.02.2024 01:44:20
  • Zuletzt bearbeitet 30.04.2025 16:53:33

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.

6.1

CVE-2022-1530

Exploit
  • EPSS 0.22%
  • Veröffentlicht 29.04.2022 09:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:54

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.

8.8

CVE-2022-0935

Exploit
  • EPSS 0.4%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:41

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.