CVE-2022-1530
Published 2022-04-29
CVE-2022-1530: Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.
Priority P4 · 24 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS 0.62% · 45.3th percentile
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| livehelperchat | live_helper_chat | < 3.99 | 3.99 |
| livehelperchat | livehelperchat_livehelperchat | >= unspecified < 3.99v | 3.99v |
| remdex | livehelperchat | >= 0 < 3.99 | 3.99 |
CVSS provenance
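| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 3.8 | LOW | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |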
OSV
An attacker can execute malicious javascript in Live Helper Chat
osv·2022-04-30
CVE-2022-1530 [MEDIUM] An attacker can execute malicious javascript in Live Helper Chat
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious javascript on application.
GHSA
An attacker can execute malicious javascript in Live Helper Chat
ghsa·2022-04-30
CVE-2022-1530 [MEDIUM] CWE-79 An attacker can execute malicious javascript in Live Helper Chat
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious javascript on application.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
blogs_talos·2022-12-01·CVSS 6.5
CVE-2022-32573 [MEDIUM] Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes.
Talos has identified two directory traversal vulnerabilities that can lead to arbitrary file upload: TALOS-2022-1528 (CVE-2022-32573) and TALOS-2022-1529 (CVE-2022-29517). Two other vulnerabilities exist where directory traversal can lead to arbitrary file read: TALOS-2022-1530 (CVE-2022-29511) and TALOS-2022-1531 (CVE-2022-27498). An attacker can send an HTTP request to trigger these vulnerabilities.
Both TALOS-2022-1532 (CVE-2022-28703) and TALOS-2022-1541 (CVE-2022-32763) are cros
https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc
https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6
Published: 2022-04-29