
Livehelperchat Live Helper Chat vulnerabilities

37 known vulnerabilities affecting livehelperchat/live_helper_chat.

Total CVEs: 37
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 30

Vulnerabilities

Page 1 of 2
CVE-2025-51403 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ 4.61 | 2025-07-21
CVE-2025-51403 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.
nvd
CVE-2021-4169 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 3.90 | 2021-12-26
CVE-2021-4169 [MEDIUM] CWE-79: livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2024-27516 | P3 | CRITICAL | CVSS 9.8 | fixed in 4.34 | 2024-02-29
CVE-2024-27516 [CRITICAL] CWE-78: Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.
nvd
CVE-2025-51400 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 4.61 | 2025-07-21
CVE-2025-51400 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
nvd
CVE-2025-51401 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 4.61 | 2025-07-21
CVE-2025-51401 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.
nvd
CVE-2025-51396 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 4.61 | 2025-07-21
CVE-2025-51396 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.
nvd
CVE-2025-51398 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 4.61 | 2025-07-21
CVE-2025-51398 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
nvd
CVE-2025-51397 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 4.61 | 2025-07-21
CVE-2025-51397 [MEDIUM] CWE-779: A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.
nvd
CVE-2022-1213 | P3 | HIGH | CVSS 8.1 | fixed in 3.97 | 2022-04-05
CVE-2022-1213 [HIGH]: SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
nvd
CVE-2022-0935 | P3 | HIGH | CVSS 8.8 | fixed in 3.97 | 2022-04-07
CVE-2022-0935 [HIGH] CWE-840: Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
nvd
CVE-2022-1191 | P3 | HIGH | CVSS 8.1 | fixed in 3.96 | 2022-03-31
CVE-2022-1191 [HIGH] CWE-918: SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
nvd
CVE-2026-27954 | P3 | MEDIUM | CVSS 6.5 | ≤ 4.52 | 2026-02-26
CVE-2026-27954 [MEDIUM] CWE-862: Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling `erLhcoreClassChat::hasAccessToRead()`, allowing operators to act on chats in departments they are not assig
nvd
CVE-2022-1176 | P3 | HIGH | CVSS 7.5 | fixed in 3.96 | 2022-03-31
CVE-2022-1176 [HIGH] CWE-843: Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
nvd
CVE-2022-1235 | P3 | HIGH | CVSS 8.2 | fixed in 3.96 | 2022-04-05
CVE-2022-1235 [HIGH] CWE-916: Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
nvd
CVE-2021-4131 | P4 | HIGH | CVSS 8.8 | fixed in 2.0 | 2021-12-18
CVE-2021-4131 [HIGH] CWE-352: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-0266 | P4 | MEDIUM | CVSS 6.6 | fixed in 3.92 | 2022-01-19
CVE-2022-0266 [MEDIUM] CWE-639: Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
nvd
CVE-2022-0231 | P4 | MEDIUM | CVSS 6.5 | ≤ 3.91 | 2022-01-14
CVE-2022-0231 [MEDIUM] CWE-352: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2021-4123 | P4 | MEDIUM | CVSS 6.5 | fixed in 2.0 | 2021-12-16
CVE-2021-4123 [MEDIUM] CWE-352: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-1234 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.97 | 2022-04-06
CVE-2022-1234 [MEDIUM] CWE-79: XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
nvd
CVE-2021-4049 | P4 | MEDIUM | CVSS 6.5 | fixed in 2.0 | 2021-12-07
CVE-2021-4049 [MEDIUM] CWE-352: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd