Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
45 vulnerabilities by LiveHelperChat
CVE-2026-44633 (GCVE-0-2026-44633)
Vulnerability from cvelistv5 – Published: 2026-05-14 18:46 – Updated: 2026-05-14 19:42
VLAI
Title
Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries
Summary
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can change the chat hash and status and then access or tamper with the chat through visitor/widget paths. The same write primitive can set operation_admin, which is later emitted as operator-side JavaScript.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/LiveHelperChat/livehelperchat/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LiveHelperChat | livehelperchat |
Affected:
< 4.84v
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44633",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T19:42:22.620075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:42:29.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-hjqq-qmvj-9whm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat",
"vendor": "LiveHelperChat",
"versions": [
{
"status": "affected",
"version": "\u003c 4.84v"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can change the chat hash and status and then access or tamper with the chat through visitor/widget paths. The same write primitive can set operation_admin, which is later emitted as operator-side JavaScript."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T18:46:52.064Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-hjqq-qmvj-9whm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-hjqq-qmvj-9whm"
}
],
"source": {
"advisory": "GHSA-hjqq-qmvj-9whm",
"discovery": "UNKNOWN"
},
"title": "Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44633",
"datePublished": "2026-05-14T18:46:52.064Z",
"dateReserved": "2026-05-07T15:30:10.875Z",
"dateUpdated": "2026-05-14T19:42:29.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27954 (GCVE-0-2026-27954)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:42 – Updated: 2026-02-26 19:30
VLAI
Title
LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints
Summary
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assigned to. Operators with the relevant role permissions (holduse, allowblockusers, allowtransfer) can hold, block users from, or transfer chats in departments they are not assigned to. This is a horizontal privilege escalation within one organization. As of time of publication, no known patched versions are available.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/LiveHelperChat/livehelperchat/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LiveHelperChat | livehelperchat |
Affected:
<= 4.52
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:30:11.251760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:30:20.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat",
"vendor": "LiveHelperChat",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assigned to. Operators with the relevant role permissions (holduse, allowblockusers, allowtransfer) can hold, block users from, or transfer chats in departments they are not assigned to. This is a horizontal privilege escalation within one organization. As of time of publication, no known patched versions are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:42:38.225Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-87wc-2p86-h3w7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LiveHelperChat/livehelperchat/security/advisories/GHSA-87wc-2p86-h3w7"
}
],
"source": {
"advisory": "GHSA-87wc-2p86-h3w7",
"discovery": "UNKNOWN"
},
"title": "LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27954",
"datePublished": "2026-02-26T01:42:38.225Z",
"dateReserved": "2026-02-25T03:11:36.691Z",
"dateUpdated": "2026-02-26T19:30:20.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0483 (GCVE-0-2026-0483)
Vulnerability from cvelistv5 – Published: 2026-01-28 11:43 – Updated: 2026-01-28 15:47
VLAI
Title
Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat
Summary
Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user's local context.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LiveHelperChat | LiveHelperChat |
Affected:
0 , < 4.72
(custom)
|
Date Public
2026-01-26 11:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T15:47:00.465875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T15:47:13.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LiveHelperChat",
"vendor": "LiveHelperChat",
"versions": [
{
"lessThan": "4.72",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:livehelperchat:livehelperchat:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.72",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Miguel Jimenez Camara"
}
],
"datePublic": "2026-01-26T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user\u0027s context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user\u0027s local context."
}
],
"value": "Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user\u0027s context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user\u0027s local context."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T11:43:42.484Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-vulnerability-livehelperchat"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed in the 4.72 version."
}
],
"value": "The vulnerability has been fixed in the 4.72 version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-0483",
"datePublished": "2026-01-28T11:43:42.484Z",
"dateReserved": "2025-12-09T12:06:56.261Z",
"dateUpdated": "2026-01-28T15:47:13.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-51403 (GCVE-0-2025-51403)
Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-07-21 19:40
VLAI
Summary
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-51403",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T19:19:59.299555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:40:01.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:00:32.294Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223"
},
{
"url": "https://www.dropbox.com/scl/fi/w7mur1fo4jb3harpx6om9/2025-05-08-21-38-14.mp4?rlkey=cpf5omg95tikzwno2u99thf3v\u0026st=2xgfedgo\u0026dl=0"
},
{
"url": "https://github.com/Thewhiteevil/CVE-2025-51403"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-51403",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-07-21T19:40:01.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-51398 (GCVE-0-2025-51398)
Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-07-22 13:39
VLAI
Summary
A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-51398",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:39:14.635096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:39:50.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T18:58:12.555Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223"
},
{
"url": "https://www.dropbox.com/scl/fi/ldtrdf1681gekt9922d4y/2025-05-09-03-09-00.mp4?rlkey=pq1enfkys429h2g3ut3hs4fqj\u0026st=zxc9vuq0\u0026dl=0"
},
{
"url": "https://github.com/Thewhiteevil/CVE-2025-51398"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-51398",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-07-22T13:39:50.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-51400 (GCVE-0-2025-51400)
Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-07-22 13:38
VLAI
Summary
A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-51400",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:36:40.432943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:38:16.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T18:59:01.139Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223"
},
{
"url": "https://www.dropbox.com/scl/fi/4ojb61ilgmu4xmtqnfqed/2025-05-08-20-41-52.mp4?rlkey=cz03rl97pskdk7d6bvb9dbvs7\u0026st=ixsqpy0v\u0026dl=0"
},
{
"url": "https://github.com/Thewhiteevil/CVE-2025-51400"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-51400",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-07-22T13:38:16.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-51397 (GCVE-0-2025-51397)
Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-07-22 13:41
VLAI
Summary
A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-779 - Logging of Excessive Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-51397",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:40:50.291597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-779",
"description": "CWE-779 Logging of Excessive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:41:32.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient\u0027 Lists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T18:56:30.350Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223"
},
{
"url": "https://www.dropbox.com/scl/fi/qrbtcv8bir2i8ielguyi3/2025-05-09-13-58-50.mp4?rlkey=thcbqxuzpm37o73j0ywsu3h3u\u0026st=fhird68s\u0026dl=0"
},
{
"url": "https://github.com/Thewhiteevil/CVE-2025-51397"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-51397",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-07-22T13:41:32.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-51401 (GCVE-0-2025-51401)
Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-07-22 13:35
VLAI
Summary
A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-51401",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:33:58.847052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:35:12.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T18:59:46.830Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223"
},
{
"url": "https://www.dropbox.com/scl/fi/efzjql0brniphfh5sgrzn/2025-05-09-14-26-26.mp4?rlkey=z4zpec6wsja5xo0ovq0g5g1tt\u0026st=abbp3gtr\u0026dl=0"
},
{
"url": "https://github.com/Thewhiteevil/CVE-2025-51401"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-51401",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-07-22T13:35:12.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-51396 (GCVE-0-2025-51396)
Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-07-22 13:44
VLAI
Summary
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-51396",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:42:49.642853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:44:35.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T18:55:47.693Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dropbox.com/scl/fi/e6z9vidj3wnzm0guzqsax/2025-05-09-02-53-20.mp4?rlkey=s27ywh16uz5uqam0qzweo3p8w\u0026st=eglxeohk\u0026dl=0"
},
{
"url": "https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223"
},
{
"url": "https://github.com/Thewhiteevil/CVE-2025-51396"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-51396",
"datePublished": "2025-07-21T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-07-22T13:44:35.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7435 (GCVE-0-2025-7435)
Vulnerability from cvelistv5 – Published: 2025-07-11 02:02 – Updated: 2025-07-11 13:25
VLAI
Title
LiveHelperChat lhc-php-resque Extension List list cross site scripting
Summary
A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file /site_admin/lhcphpresque/list/ of the component List Handler. The manipulation of the argument queue name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 542aa8449b5aa889b3a54f419e794afe19f56d5d/0ce7b4f1193c0ed6c6e31a960fafededf979eef2. It is recommended to apply a patch to fix this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.316005 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.316005 | signaturepermissions-required |
| https://vuldb.com/?submit.609068 | third-party-advisory |
| https://github.com/CodeBrics/lhc-php-resque-exploit/ | exploit |
| https://github.com/CodeBrics/lhc-php-resque-explo… | exploit |
| https://github.com/LiveHelperChat/lhc-php-resque/… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LiveHelperChat | lhc-php-resque Extension |
Affected:
ee1270b35625f552425e32a6a3061cd54b5085c4
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7435",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:25:34.454490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:25:38.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/CodeBrics/lhc-php-resque-exploit/?tab=readme-ov-file#attack-vector"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CodeBrics/lhc-php-resque-exploit/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"List Handler"
],
"product": "lhc-php-resque Extension",
"vendor": "LiveHelperChat",
"versions": [
{
"status": "affected",
"version": "ee1270b35625f552425e32a6a3061cd54b5085c4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jay Shah (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file /site_admin/lhcphpresque/list/ of the component List Handler. The manipulation of the argument queue name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 542aa8449b5aa889b3a54f419e794afe19f56d5d/0ce7b4f1193c0ed6c6e31a960fafededf979eef2. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LiveHelperChat lhc-php-resque Extension bis ee1270b35625f552425e32a6a3061cd54b5085c4 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /site_admin/lhcphpresque/list/ der Komponente List Handler. Durch Manipulieren des Arguments queue name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar. Der Patch wird als 542aa8449b5aa889b3a54f419e794afe19f56d5d/0ce7b4f1193c0ed6c6e31a960fafededf979eef2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T02:02:07.812Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316005 | LiveHelperChat lhc-php-resque Extension List list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316005"
},
{
"name": "VDB-316005 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316005"
},
{
"name": "Submit #609068 | Live Helper Chat lhc-php-resque extension for Live Helper Chat \u003c 0ce7b4f1193c0ed6c6e31a960fafededf979eef2 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.609068"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CodeBrics/lhc-php-resque-exploit/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CodeBrics/lhc-php-resque-exploit/?tab=readme-ov-file#attack-vector"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LiveHelperChat/lhc-php-resque/commit/542aa8449b5aa889b3a54f419e794afe19f56d5d"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-10T17:56:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "LiveHelperChat lhc-php-resque Extension List list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7435",
"datePublished": "2025-07-11T02:02:07.812Z",
"dateReserved": "2025-07-10T15:50:26.812Z",
"dateUpdated": "2025-07-11T13:25:38.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27516 (GCVE-0-2024-27516)
Vulnerability from cvelistv5 – Published: 2024-02-28 00:00 – Updated: 2024-08-02 00:34
VLAI
Summary
Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat |
Affected:
0 , < 4.34
(custom)
cpe:2.3:a:livehelperchat:livehelperchat:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:livehelperchat:livehelperchat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "4.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:12:43.081813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:37.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/LiveHelperChat/livehelperchat/issues/2054"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/LiveHelperChat/livehelperchat/commit/a61d231526a36d4a7d8cc957914799ee1f9db0ab"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T02:22:39.347Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/LiveHelperChat/livehelperchat/issues/2054"
},
{
"url": "https://github.com/LiveHelperChat/livehelperchat/commit/a61d231526a36d4a7d8cc957914799ee1f9db0ab"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-27516",
"datePublished": "2024-02-28T00:00:00.000Z",
"dateReserved": "2024-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T00:34:52.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1530 (GCVE-0-2022-1530)
Vulnerability from cvelistv5 – Published: 2022-04-29 08:50 – Updated: 2024-08-03 00:10
VLAI
Title
Cross-site Scripting (XSS) in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.99v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.99v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T10:35:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
],
"source": {
"advisory": "8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1530",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.99v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc"
}
]
},
"source": {
"advisory": "8fd8de01-7e83-4324-9cc8-a97acb9b70d6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1530",
"datePublished": "2022-04-29T08:50:10.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:02.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0935 (GCVE-0-2022-0935)
Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-08-02 23:47
VLAI
Title
Host Header injection in password Reset in livehelperchat/livehelperchat
Summary
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
Severity
8.8 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a5… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.97
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.97",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:21:42.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
],
"source": {
"advisory": "a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"discovery": "EXTERNAL"
},
"title": "Host Header injection in password Reset in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0935",
"STATE": "PUBLIC",
"TITLE": "Host Header injection in password Reset in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.97"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7"
}
]
},
"source": {
"advisory": "a7e40fdf-a333-4a50-8a53-d11b16ce3ec2",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0935",
"datePublished": "2022-04-07T18:21:42.000Z",
"dateReserved": "2022-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1234 (GCVE-0-2022-1234)
Vulnerability from cvelistv5 – Published: 2022-04-06 03:10 – Updated: 2024-08-02 23:55
VLAI
Title
XSS in livehelperchat in livehelperchat/livehelperchat
Summary
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
Severity
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/0d235252-0882-4053-85c… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.97
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.97",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user\u2019s device."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-06T03:10:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
],
"source": {
"advisory": "0d235252-0882-4053-85c1-b41b94c814d4",
"discovery": "EXTERNAL"
},
"title": "XSS in livehelperchat in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1234",
"STATE": "PUBLIC",
"TITLE": "XSS in livehelperchat in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.97"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user\u2019s device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d"
}
]
},
"source": {
"advisory": "0d235252-0882-4053-85c1-b41b94c814d4",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1234",
"datePublished": "2022-04-06T03:10:15.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1235 (GCVE-0-2022-1235)
Vulnerability from cvelistv5 – Published: 2022-04-05 06:30 – Updated: 2024-08-02 23:55
VLAI
Title
Weak secrethash can be brute-forced in livehelperchat/livehelperchat
Summary
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity
7.5 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2e… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T06:30:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
],
"source": {
"advisory": "92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"discovery": "EXTERNAL"
},
"title": "Weak secrethash can be brute-forced in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1235",
"STATE": "PUBLIC",
"TITLE": "Weak secrethash can be brute-forced in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc"
}
]
},
"source": {
"advisory": "92f7b2d4-fa88-4c62-a2ee-721eebe01705",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1235",
"datePublished": "2022-04-05T06:30:15.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1213 (GCVE-0-2022-1213)
Vulnerability from cvelistv5 – Published: 2022-04-05 03:45 – Updated: 2024-08-02 23:55
VLAI
Title
SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat
Summary
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
Severity
7.7 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/084387f6-5b9c-4017-baa… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.67v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.67v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T03:45:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
],
"source": {
"advisory": "084387f6-5b9c-4017-baa2-5fcf65b051e1",
"discovery": "EXTERNAL"
},
"title": "SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1213",
"STATE": "PUBLIC",
"TITLE": "SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.67v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111"
}
]
},
"source": {
"advisory": "084387f6-5b9c-4017-baa2-5fcf65b051e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1213",
"datePublished": "2022-04-05T03:45:13.000Z",
"dateReserved": "2022-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1176 (GCVE-0-2022-1176)
Vulnerability from cvelistv5 – Published: 2022-03-31 10:10 – Updated: 2024-08-02 23:55
VLAI
Title
Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat
Summary
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity
7.5 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3e30171b-c9bf-415c-82f… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T10:10:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
],
"source": {
"advisory": "3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"discovery": "EXTERNAL"
},
"title": "Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1176",
"STATE": "PUBLIC",
"TITLE": "Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
}
]
},
"source": {
"advisory": "3e30171b-c9bf-415c-82f1-6f55a44d09d3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1176",
"datePublished": "2022-03-31T10:10:10.000Z",
"dateReserved": "2022-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1191 (GCVE-0-2022-1191)
Vulnerability from cvelistv5 – Published: 2022-03-31 08:35 – Updated: 2024-08-02 23:55
VLAI
Title
SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat
Summary
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Severity
8.7 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/7264a2e1-17e7-4244-93e… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.96
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.96",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T08:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
],
"source": {
"advisory": "7264a2e1-17e7-4244-93e4-49ec14f282b3",
"discovery": "EXTERNAL"
},
"title": "SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1191",
"STATE": "PUBLIC",
"TITLE": "SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.96"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df"
}
]
},
"source": {
"advisory": "7264a2e1-17e7-4244-93e4-49ec14f282b3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1191",
"datePublished": "2022-03-31T08:35:09.000Z",
"dateReserved": "2022-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0612 (GCVE-0-2022-0612)
Vulnerability from cvelistv5 – Published: 2022-02-16 05:40 – Updated: 2024-08-02 23:32
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
6.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/eadcf7d2-a479-4901-abc… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T05:40:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
],
"source": {
"advisory": "eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0612",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b"
}
]
},
"source": {
"advisory": "eadcf7d2-a479-4901-abcc-1505d3f1b32f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0612",
"datePublished": "2022-02-16T05:40:09.000Z",
"dateReserved": "2022-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0502 (GCVE-0-2022-0502)
Vulnerability from cvelistv5 – Published: 2022-02-06 10:50 – Updated: 2024-08-02 23:32
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/34f2aa30-de7f-432a-874… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-06T10:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
],
"source": {
"advisory": "34f2aa30-de7f-432a-8749-b43d2774140f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0502",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706"
}
]
},
"source": {
"advisory": "34f2aa30-de7f-432a-8749-b43d2774140f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0502",
"datePublished": "2022-02-06T10:50:10.000Z",
"dateReserved": "2022-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:45.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0395 (GCVE-0-2022-0395)
Vulnerability from cvelistv5 – Published: 2022-01-28 21:31 – Updated: 2024-08-02 23:25
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/36abbd6e-239e-4739-8c7… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T21:31:31.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
],
"source": {
"advisory": "36abbd6e-239e-4739-8c77-ba212b946a4a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0395",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb"
}
]
},
"source": {
"advisory": "36abbd6e-239e-4739-8c77-ba212b946a4a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0395",
"datePublished": "2022-01-28T21:31:31.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0394 (GCVE-0-2022-0394)
Vulnerability from cvelistv5 – Published: 2022-01-28 10:16 – Updated: 2025-06-09 15:00
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/e13823d0-271c-448b-a0c… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:00:44.563411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:00:58.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T10:16:27.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
],
"source": {
"advisory": "e13823d0-271c-448b-a0c5-8549ea7ea272",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0394",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3"
}
]
},
"source": {
"advisory": "e13823d0-271c-448b-a0c5-8549ea7ea272",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0394",
"datePublished": "2022-01-28T10:16:27.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:00:58.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0370 (GCVE-0-2022-0370)
Vulnerability from cvelistv5 – Published: 2022-01-27 05:55 – Updated: 2024-08-02 23:25
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:55:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
],
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0370",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb"
}
]
},
"source": {
"advisory": "fbe4b376-57ce-42cd-a9a9-049c4099b3ca",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0370",
"datePublished": "2022-01-27T05:55:09.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0387 (GCVE-0-2022-0387)
Vulnerability from cvelistv5 – Published: 2022-01-27 05:20 – Updated: 2024-08-02 23:25
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/2e09035b-8f98-4930-b7e… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T05:20:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
],
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0387",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444"
}
]
},
"source": {
"advisory": "2e09035b-8f98-4930-b7e8-7abe5f722b98",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0387",
"datePublished": "2022-01-27T05:20:09.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0375 (GCVE-0-2022-0375)
Vulnerability from cvelistv5 – Published: 2022-01-26 09:30 – Updated: 2024-08-02 23:25
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
| https://huntr.dev/bounties/28e1c356-6eaa-4d93-af5… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T09:30:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
],
"source": {
"advisory": "28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0375",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
},
{
"name": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7"
}
]
},
"source": {
"advisory": "28e1c356-6eaa-4d93-af56-938e3b4d40a7",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0375",
"datePublished": "2022-01-26T09:30:10.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0374 (GCVE-0-2022-0374)
Vulnerability from cvelistv5 – Published: 2022-01-26 09:15 – Updated: 2024-08-02 23:25
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.93v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.93v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T09:15:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
],
"source": {
"advisory": "f8b560a6-aa19-4262-8ae4-cf88204310ef",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0374",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.93v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f8b560a6-aa19-4262-8ae4-cf88204310ef"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102"
}
]
},
"source": {
"advisory": "f8b560a6-aa19-4262-8ae4-cf88204310ef",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0374",
"datePublished": "2022-01-26T09:15:11.000Z",
"dateReserved": "2022-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0266 (GCVE-0-2022-0266)
Vulnerability from cvelistv5 – Published: 2022-01-19 05:20 – Updated: 2024-08-02 23:25
VLAI
Title
Authorization Bypass Through User-Controlled Key in livehelperchat/livehelperchat
Summary
Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1ac267be-3af8-4774-89f… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 3.92v
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ac267be-3af8-4774-89f2-77234d144d6b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/cc1122aed0d1ad9f05757eaea2ab9e6a924776bd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "3.92v",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T05:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1ac267be-3af8-4774-89f2-77234d144d6b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/cc1122aed0d1ad9f05757eaea2ab9e6a924776bd"
}
],
"source": {
"advisory": "1ac267be-3af8-4774-89f2-77234d144d6b",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0266",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.92v"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1ac267be-3af8-4774-89f2-77234d144d6b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1ac267be-3af8-4774-89f2-77234d144d6b"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/cc1122aed0d1ad9f05757eaea2ab9e6a924776bd",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/cc1122aed0d1ad9f05757eaea2ab9e6a924776bd"
}
]
},
"source": {
"advisory": "1ac267be-3af8-4774-89f2-77234d144d6b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0266",
"datePublished": "2022-01-19T05:20:10.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0245 (GCVE-0-2022-0245)
Vulnerability from cvelistv5 – Published: 2022-01-18 05:15 – Updated: 2024-08-02 23:18
VLAI
Title
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.
Severity
5.7 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8b… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T05:15:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
],
"source": {
"advisory": "6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0245",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6a6aca72-32b7-45b3-a8ba-9b400b2d669c"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/c2fa19afeb8b1ea927fea3fd452515c95f289fb9"
}
]
},
"source": {
"advisory": "6a6aca72-32b7-45b3-a8ba-9b400b2d669c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0245",
"datePublished": "2022-01-18T05:15:10.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0253 (GCVE-0-2022-0253)
Vulnerability from cvelistv5 – Published: 2022-01-17 13:15 – Updated: 2024-08-02 23:25
VLAI
Title
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Summary
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd8… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , ≤ 3.91
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThanOrEqual": "3.91",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T13:15:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
],
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0253",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.91"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
]
},
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0253",
"datePublished": "2022-01-17T13:15:09.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0226 (GCVE-0-2022-0226)
Vulnerability from cvelistv5 – Published: 2022-01-14 19:00 – Updated: 2024-08-02 23:18
VLAI
Title
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Summary
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/635d0abf-7680-47f6-a27… | x_refsource_CONFIRM |
| https://github.com/livehelperchat/livehelperchat/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| livehelperchat | livehelperchat/livehelperchat |
Affected:
unspecified , < 2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/635d0abf-7680-47f6-a277-d9a91471c73f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/f59ffb02984c0ce2fbb19ac39365066507de9370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "livehelperchat/livehelperchat",
"vendor": "livehelperchat",
"versions": [
{
"lessThan": "2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:00:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/635d0abf-7680-47f6-a277-d9a91471c73f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/livehelperchat/livehelperchat/commit/f59ffb02984c0ce2fbb19ac39365066507de9370"
}
],
"source": {
"advisory": "635d0abf-7680-47f6-a277-d9a91471c73f",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0226",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/635d0abf-7680-47f6-a277-d9a91471c73f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/635d0abf-7680-47f6-a277-d9a91471c73f"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/f59ffb02984c0ce2fbb19ac39365066507de9370",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/f59ffb02984c0ce2fbb19ac39365066507de9370"
}
]
},
"source": {
"advisory": "635d0abf-7680-47f6-a277-d9a91471c73f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0226",
"datePublished": "2022-01-14T19:00:11.000Z",
"dateReserved": "2022-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}