CVE-2022-0370
Published 2022-01-27
CVE-2022-0370: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Priority P4 · 24 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.77% (50.9th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| livehelperchat | livehelperchat | < 3.93v | 3.93v |
| livehelperchat | livehelperchat_livehelperchat | >= unspecified < 3.93v | 3.93v |
| remdex | livehelperchat | >= 0 < 3.93 | 3.93 |
CVSS provenance
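| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 7.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |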
OSV
Cross-site Scripting in livehelperchat
osv·2022-01-28
CVE-2022-0370 [MEDIUM] Cross-site Scripting in livehelperchat
Stored XSS is found in Settings > Live help configuration > Personal Theme > static content. Under the NAME field put a payload `{{constructor.constructor('alert(1)')()}}` while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed.
GHSA
Cross-site Scripting in livehelperchat
ghsa·2022-01-28
CVE-2022-0370 [MEDIUM] CWE-79 Cross-site Scripting in livehelperchat
Stored XSS is found in Settings > Live help configuration > Personal Theme > static content. Under the NAME field put a payload `{{constructor.constructor('alert(1)')()}}` while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed.
https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb
https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca
Published: 2022-01-27