CVE-2022-1191
Published 2022-03-31
CVE-2022-1191: SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Priority: P3 · 40 · high · 8.1 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.94% (56.5th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| livehelperchat | live_helper_chat | < 3.96 | 3.96 |
| livehelperchat | live_helper_chat | < 3.97 | 3.97 |
| livehelperchat | livehelperchat_livehelperchat | >= unspecified < 3.67v | 3.67v |
| remdex | livehelperchat | >= 0 < 3.67 | 3.67 |
CVSS provenance
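| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| nvd | v3.0 | 8.7 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
| ghsa | | 8.1 | HIGH | |
| osv | | 8.1 | HIGH | |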
GHSA
Server side request forgery in LiveHelperChat
ghsa·2022-04-06·CVSS 8.1
CVE-2022-1213 [HIGH] CWE-918 Server side request forgery in LiveHelperChat
SSRF filter bypass port 80, 433 in LiveHelperChat prior to v3.67. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191.
OSV
Server side request forgery in LiveHelperChat
osv·2022-04-06·CVSS 8.1
CVE-2022-1213 [HIGH] Server side request forgery in LiveHelperChat
SSRF filter bypass port 80, 433 in LiveHelperChat prior to v3.67. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191.
GHSA
GHSA-8m92-98p8-gpmh: SSRF on index
ghsa_unreviewed·2022-04-01
CVE-2022-1191 [HIGH] CWE-918 GHSA-8m92-98p8-gpmh: SSRF on index
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/livehelperchat/livehelperchat/commit/c41f283a2c1b46c42dd2af16ecbeaedd2fe1f5df
https://huntr.dev/bounties/7264a2e1-17e7-4244-93e4-49ec14f282b3
Published: 2022-03-31