Livehelperchat Livehelperchat vulnerabilities
30 known vulnerabilities affecting livehelperchat/livehelperchat_livehelperchat.
Total CVEs
30
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM25
Vulnerabilities
Page 1 of 2
CVE-2021-4169P4MEDIUMCVSS 6.1PoC≥ unspecified, ≤ 3.902021-12-26
CVE-2021-4169 [MEDIUM] CWE-79 CVE-2021-4169: livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2022-0935P3HIGHCVSS 8.8≥ unspecified, < 3.972022-04-07
CVE-2022-0935 [HIGH] CWE-840 CVE-2022-0935: Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
nvd
CVE-2022-1191P3HIGHCVSS 8.1≥ unspecified, < 3.67v2022-03-31
CVE-2022-1191 [HIGH] CWE-918 CVE-2022-1191: SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.9
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
nvd
CVE-2022-1176P3HIGHCVSS 7.5≥ unspecified, < 3.962022-03-31
CVE-2022-1176 [HIGH] CWE-843 CVE-2022-1176: Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelpercha
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
nvd
CVE-2022-1235P3HIGHCVSS 8.2≥ unspecified, < 3.962022-04-05
CVE-2022-1235 [HIGH] CWE-916 CVE-2022-1235: Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
nvd
CVE-2021-4131P4HIGHCVSS 8.8≥ unspecified, < 2.02021-12-18
CVE-2021-4131 [HIGH] CWE-352 CVE-2021-4131: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-0266P4MEDIUMCVSS 6.6≥ unspecified, < 3.92v2022-01-19
CVE-2022-0266 [MEDIUM] CWE-639 CVE-2022-0266: Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
nvd
CVE-2022-0231P4MEDIUMCVSS 6.5≥ unspecified, ≤ 3.912022-01-14
CVE-2022-0231 [MEDIUM] CWE-352 CVE-2022-0231: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2021-4123P4MEDIUMCVSS 6.5≥ unspecified, < 2.02021-12-16
CVE-2021-4123 [MEDIUM] CWE-352 CVE-2021-4123: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-1234P4MEDIUMCVSS 6.1≥ unspecified, < 3.972022-04-06
CVE-2022-1234 [MEDIUM] CWE-79 CVE-2022-1234: XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnera
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
nvd
CVE-2021-4049P4MEDIUMCVSS 6.5≥ unspecified, < 2.02021-12-07
CVE-2021-4049 [MEDIUM] CWE-352 CVE-2021-4049: livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-1530P4MEDIUMCVSS 6.1≥ unspecified, < 3.99v2022-04-29
CVE-2022-1530 [MEDIUM] CWE-79 CVE-2022-1530: Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The at
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.
nvd
CVE-2022-0370P4MEDIUMCVSS 5.4≥ unspecified, < 3.93v2022-01-27
CVE-2022-0370 [MEDIUM] CWE-79 CVE-2022-0370: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
nvd
CVE-2022-0374P4MEDIUMCVSS 5.4≥ unspecified, < 3.93v2022-01-26
CVE-2022-0374 [MEDIUM] CWE-79 CVE-2022-0374: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
nvd
CVE-2022-0395P4MEDIUMCVSS 5.4≥ unspecified, < 3.93v2022-01-28
CVE-2022-0395 [MEDIUM] CWE-79 CVE-2022-0395: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
nvd
CVE-2022-0387P4MEDIUMCVSS 5.4≥ unspecified, < 3.93v2022-01-27
CVE-2022-0387 [MEDIUM] CWE-79 CVE-2022-0387: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
nvd
CVE-2022-0502P4MEDIUMCVSS 5.4≥ unspecified, < 3.93v2022-02-06
CVE-2022-0502 [MEDIUM] CWE-79 CVE-2022-0502: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
nvd
CVE-2022-0612P4MEDIUMCVSS 5.4≥ unspecified, < 3.93v2022-02-16
CVE-2022-0612 [MEDIUM] CWE-79 CVE-2022-0612: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
nvd
CVE-2022-0394P4MEDIUMCVSS 5.4≥ unspecified, < 3.93v2022-01-28
CVE-2022-0394 [MEDIUM] CWE-79 CVE-2022-0394: Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
nvd
CVE-2021-4050P4MEDIUMCVSS 6.1≥ unspecified, < 2.02021-12-08
CVE-2021-4050 [MEDIUM] CWE-79 CVE-2021-4050: livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
1 / 2Next →