Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 2 | 42 | 0 | 55.0% | CRITICAL |

Related CVEs

42
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27954 | Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assigned to. Operators with the relevant role permissions (holduse, allowblockusers, allowtransfer) can hold, block users from, or transfer chats in departments they are not assigned to. This is a horizontal privilege escalation within one organization. As of time of publication, no known patched versions are available. | MEDIUM | 4.9 | | 8.8% | Feb 26, 2026 |
| CVE-2025-51403 | A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter. | MEDIUM | 6.5 | | 71.6% | Jul 21, 2025 |
| CVE-2025-51401 | A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter. | MEDIUM | 5.4 | | 54.3% | Jul 21, 2025 |
| CVE-2025-51400 | A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | MEDIUM | 5.4 | | 54.3% | Jul 21, 2025 |
| CVE-2025-51398 | A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | MEDIUM | 5.4 | | 54.3% | Jul 21, 2025 |
| CVE-2025-51397 | A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists. | MEDIUM | 5.4 | | 53.7% | Jul 21, 2025 |
| CVE-2025-51396 | A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter. | MEDIUM | 5.4 | | 54.3% | Jul 21, 2025 |
| CVE-2024-27516 | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php. | CRITICAL | 9.8 | | 70.5% | Feb 29, 2024 |
| CVE-2022-1530 | Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application. | MEDIUM | 6.1 | | | Apr 29, 2022 |
| CVE-2022-0935 | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | HIGH | 8.8 | | | Apr 7, 2022 |
| CVE-2022-1234 | XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device. | MEDIUM | 6.1 | | | Apr 6, 2022 |
| CVE-2022-1235 | Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | HIGH | 8.2 | | | Apr 5, 2022 |
| CVE-2022-1213 | SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | HIGH | 8.1 | | | Apr 5, 2022 |
| CVE-2022-1176 | Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. | HIGH | 7.5 | | | Mar 31, 2022 |
| CVE-2022-1191 | SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. | HIGH | 8.1 | | | Mar 31, 2022 |
| CVE-2022-0612 | Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | MEDIUM | 5.4 | | | Feb 16, 2022 |
| CVE-2022-0502 | Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | MEDIUM | 5.4 | | | Feb 6, 2022 |
| CVE-2022-0395 | Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | MEDIUM | 5.4 | | | Jan 28, 2022 |
| CVE-2022-0394 | Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | MEDIUM | 5.4 | | | Jan 28, 2022 |
| CVE-2022-0387 | Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | MEDIUM | 5.4 | | | Jan 27, 2022 |