Vulnerabilities for Live helper chat (...) - CXSECURITY.COM

Vulnerabilities for 'Live helper chat'

2022-04-29

CVE-2022-1530

CWE-79

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application :)

2022-04-07

CVE-2022-0935

CWE-116

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.

2022-04-06

CVE-2022-1234

CWE-79

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user??�??�??s device.

2022-04-05

CVE-2022-1235

CWE-916

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.

CVE-2022-1213

CWE-918

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191

2022-03-31

CVE-2022-1176

CWE-843

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

CVE-2022-1191

CWE-918

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.

2022-02-16

CVE-2022-0612

CWE-79

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

2022-02-06

CVE-2022-0502

CWE-79

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

2022-01-28

CVE-2022-0395

CWE-79

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

Copyright 2024, cxsecurity.com