Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in LiveHelperChat prior to 3.93v allows attackers to execute arbitrary JavaScript via crafted chat messages.
Vulnerability
Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat prior to version 3.93v [1]. The issue exists in the message display templates, where user-supplied chat content is not properly neutralized before being rendered, allowing malicious HTML/JavaScript injection [2]. The fix commit [3] also adds `ng-non-bindable` to admin templates that already pass the form name and theme name through `htmlspecialchars`, which indicates that at least part of the problem is AngularJS interpolating `{{ }}` expressions in output that was HTML-escaped on the server; HTML escaping alone does not stop that, because the interpolation delimiters contain no HTML metacharacters.
Exploitation
An attacker with the ability to send chat messages (e.g., a user or operator) can craft a message containing malicious JavaScript. When other users (including operators) view the chat history, the stored payload executes in their browser session. No special network position required beyond access to the chat system [2].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser, leading to potential session hijacking, data theft, defacement, or further attacks against the LiveHelperChat instance [2].
Mitigation
The vulnerability is fixed in LiveHelperChat version 3.93v and later. The fix is implemented in commit bbfaa26ce54a2a86ce1a42a16496038f5bdfc102 [3], which restructures the chat message list templates and adds `ng-non-bindable` to the form-collected-data and theme-edit admin templates. Users should upgrade to the latest version immediately. No workaround is provided in the references.
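As an added illustration (not code from LiveHelperChat, the advisory, or the fix commit), the following JavaScript shows the pattern the patched collected.tpl.php and adminthemeedit.tpl.php rely on: `htmlspecialchars()` neutralizes markup but leaves the AngularJS `{{ }}` delimiters intact, so an escaped value placed in a region AngularJS compiles is still interpolated, and `ng-non-bindable` opts that subtree out. The `htmlspecialchars` port, the `classify` check and the `findBindableInterpolations` lint are helpers written for this page, and every sample string is constructed; nothing here asserts which payload worked against which LiveHelperChat version.

```javascript
// Added illustration, not LiveHelperChat code. All sample strings are constructed.

// Port of PHP htmlspecialchars($s, ENT_QUOTES): the five HTML metacharacters.
function htmlspecialchars(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// AngularJS default interpolation delimiters; none of these characters is
// touched by HTML escaping, so the expression reaches the browser verbatim.
const INTERPOLATION = /\{\{[\s\S]*?\}\}/;

function containsInterpolation(text) {
  return INTERPOLATION.test(text);
}

// Render a user-controlled value into a heading the way the patched templates
// do: escape for HTML, then optionally opt the element out of AngularJS compilation.
function renderHeading(value, { nonBindable } = { nonBindable: false }) {
  const attr = nonBindable ? ' ng-non-bindable' : '';
  return `<h1${attr}>${htmlspecialchars(value)}</h1>`;
}

// Per-value check: after escaping, is raw markup gone, and does the value still
// need ng-non-bindable to be inert inside an AngularJS-compiled region?
function classify(value) {
  const escaped = htmlspecialchars(value);
  return {
    escaped,
    htmlNeutralised: !/[<>"']/.test(escaped),         // no raw markup survives
    needsNonBindable: containsInterpolation(escaped), // but {{ }} does
  };
}

// Lint rendered template output: report text nodes containing {{ }} that have
// no ng-non-bindable ancestor. Deliberately simplistic tokenizer (tags vs text,
// a few void elements), enough for server-rendered admin pages like these.
const VOID_ELEMENT = /^<(br|hr|img|input|meta|link|col|area|base)\b/i;

function findBindableInterpolations(html) {
  const tokens = html.split(/(<[^>]+>)/);
  const stack = [];        // one entry per open element: true if non-bindable
  const findings = [];
  for (const tok of tokens) {
    if (!tok) continue;
    if (tok[0] === '<') {
      if (tok.startsWith('</')) { stack.pop(); continue; }
      if (tok.endsWith('/>') || VOID_ELEMENT.test(tok)) continue;
      const nonBindable =
        /\sng-non-bindable(\s|>|=)/.test(tok) || stack.some(Boolean);
      stack.push(nonBindable);
      continue;
    }
    if (containsInterpolation(tok) && !stack.some(Boolean)) findings.push(tok);
  }
  return findings;
}

// Constructed samples (hypothetical values a visitor could have stored).
const SAMPLES = {
  markup: '<script>alert(1)</script>',
  // Shape of a client-side template injection expression against AngularJS;
  // constructed here, not a claim about LiveHelperChat's exploitability.
  interpolation: "{{constructor.constructor('alert(1)')()}}",
  benign: 'Contact form',
};

// Assemble a page fragment in the style of the patched templates: an unguarded
// <h1>, an inert navigation row, and a table that is opted out of AngularJS.
function samplePage(headingNonBindable) {
  return (
    renderHeading(SAMPLES.interpolation, { nonBindable: headingNonBindable }) +
    '<div class="row pb-2"><a href="/form/downloadcollected/1">Download XLS</a></div>' +
    '<table ng-non-bindable><tr><td>' + htmlspecialchars(SAMPLES.interpolation) +
    '</td></tr></table>'
  );
}
```

`classify` is the check to run over stored records or template output after a fix like this one: a value can be fully HTML-neutralized and still be a live AngularJS expression. `findBindableInterpolations` is the corresponding page-level lint; it flags the unguarded `<h1>` in `samplePage(false)` and nothing in `samplePage(true)`, because the table content is already under `ng-non-bindable`.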
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| remdex/livehelperchat (Packagist) | < 3.93 | 3.93 |
Affected products
3 OSV coordinates, 2 version ranges:
- (no CPE) range: < 3.93.0
- (no CPE) range: < 3.93
- livehelperchat/livehelperchat/livehelperchat (v5): range unspecified
Patches
1 patch: bbfaa26ce54a ("fx #1734"), 6 files changed, +43 −74
lhc_web/design/defaulttheme/tpl/lhchat/lists/msg_obj_list_admin.tpl.php+6 −43 modified@@ -1,45 +1,8 @@ -<?php - -$lastOperatorChanged = false; -$lastOperatorId = false; -$lastOperatorNick = ''; - -foreach ($messages as $msg) : - -if ($lastOperatorId !== false && ($lastOperatorId != $msg->user_id || $lastOperatorNick != $msg->name_support)) { - $lastOperatorChanged = true; - $lastOperatorNick = $msg->name_support; -} else { - $lastOperatorChanged = false; +<?php +$messagesDefault = []; +foreach ($messages as $msg) { + $messagesDefault[] = $msg->getState(); } - -$lastOperatorId = $msg->user_id; - - if ($msg->meta_msg != '') { - $metaMessageData = json_decode($msg->meta_msg, true); $messageId = $msg->id; - } else if (isset($metaMessageData)) { - unset($metaMessageData); - } - +$messages = $messagesDefault; ?> -<?php if ($msg->user_id == -1) : ?> - <div class="message-row system-response" id="msg-<?php echo $msg->id?>"><div class="msg-date"><?php echo date(erLhcoreClassModule::$dateDateHourFormat,$msg->time);?></div><i><span class="usr-tit sys-tit"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('chat/syncadmin','System assistant')?></span><?php echo erLhcoreClassBBCode::make_clickable(htmlspecialchars($msg->msg))?></i></div> -<?php else : ?> - <?php if ($msg->msg != '' || - isset($metaMessageData['content']['text_conditional']) || - isset($metaMessageData['content']['chat_operation']) || - isset($metaMessageData['content']['html']['content']) || - isset($metaMessageData['content']['button_message']) - ) : ?> - <div class="message-row<?php echo $msg->user_id == 0 ? ' response' : ' message-admin'.($lastOperatorChanged == true ? ' operator-changes' : '')?>" id="msg-<?php echo $msg->id?>"><div class="msg-date"><?php echo date(erLhcoreClassModule::$dateDateHourFormat,$msg->time);?></div><span class="usr-tit<?php echo $msg->user_id == 0 ? 
' vis-tit' : ' op-tit'?>"><?php if ($msg->user_id == 0) : ?><i class="material-icons"><?php echo ($chat->device_type == 0 ? 'computer' : ($chat->device_type == 1 ? 'smartphone' : 'tablet'))?></i><?php endif;?><?php echo $msg->user_id == 0 ? htmlspecialchars($chat->nick) : htmlspecialchars($msg->name_support) ?></span> - <?php $msgBody = $msg->msg; $paramsMessageRender = array('sender' => $msg->user_id, 'html_as_text' => true);?> - <?php include(erLhcoreClassDesign::designtpl('lhchat/lists/msg_body.tpl.php'));?> - - <?php if (isset($metaMessageData)) : ?> - <?php include(erLhcoreClassDesign::designtpl('lhgenericbot/message/meta_render_admin.tpl.php'));?> - <?php endif; ?> - - </div> - <?php endif;?> -<?php endif;?> -<?php endforeach;?> \ No newline at end of file +<?php include(erLhcoreClassDesign::designtpl('lhchat/syncadmin.tpl.php'));?> \ No newline at end of file
lhc_web/design/defaulttheme/tpl/lhchat/lists/msg_obj_list.tpl.php+20 −23 modified@@ -1,32 +1,29 @@ -<?php - +<?php $lastOperatorChanged = false; $lastOperatorId = false; +$lastOperatorNick = ''; -foreach ($messages as $msg ) : if ($msg->user_id > -1 || $msg->user_id == -2) : +$messagesStats = array( + 'total_messages' => count($messages), + 'counter_messages' => 0, +); -if ($lastOperatorId !== false && $lastOperatorId != $msg->user_id) { - $lastOperatorChanged = true; -} else { - $lastOperatorChanged = false; -} +foreach ($messages as $msg) : + $msg = $msg->getState(); + $messagesStats['counter_messages']++; -$lastOperatorId = $msg->user_id; + if ($lastOperatorId !== false && ($lastOperatorId != $msg['user_id'] || $msg['name_support'] != $lastOperatorNick)) { + $lastOperatorChanged = true; + $lastOperatorNick = $msg['name_support']; + } else { + $lastOperatorChanged = false; + } -if ($msg->meta_msg != '') { - $metaMessageData = json_decode($msg->meta_msg, true); $messageId = $msg->id; -} else if (isset($metaMessageData)) { - unset($metaMessageData); -} + $lastOperatorId = $msg['user_id']; + $lastOperatorNick = $msg['name_support']; -?> -<div class="message-row<?php echo $msg->user_id == 0 ? ' response' : ' message-admin'.($lastOperatorChanged == true ? ' operator-changes' : '')?>" id="msg-<?php echo $msg->id?>"><div class="msg-date"><?php echo date(erLhcoreClassModule::$dateDateHourFormat,$msg->time);?></div><span class="usr-tit<?php echo $msg->user_id == 0 ? ' vis-tit' : ' op-tit'?>"><?php echo $msg->user_id == 0 ? 
htmlspecialchars($chat->nick) : htmlspecialchars($msg->name_support) ?>: </span> - <?php $msgBody = $msg->msg; $paramsMessageRender = array('sender' => $msg->user_id);?> - <?php include(erLhcoreClassDesign::designtpl('lhchat/lists/msg_body.tpl.php'));?> + ?> + <?php include(erLhcoreClassDesign::designtpl('lhchat/lists/user_msg_row.tpl.php'));?> +<?php endforeach; ?> - <?php if (isset($metaMessageData)) : ?> - <?php include(erLhcoreClassDesign::designtpl('lhgenericbot/message/meta_render.tpl.php'));?> - <?php endif; ?> -</div> -<?php endif; endforeach; ?> \ No newline at end of file
lhc_web/design/defaulttheme/tpl/lhchat/messagelist/plain.tpl.php+13 −1 modified@@ -1 +1,13 @@ -<?php foreach ($messages as $msg ) : ?><?php if (!isset($remove_meta) || $remove_meta == false ) :?>[<?php echo date(erLhcoreClassModule::$dateDateHourFormat,$msg->time);?>] [<?php echo $msg->user_id == 0 ? htmlspecialchars($chat->nick) : htmlspecialchars($msg->name_support) ?>] <?php endif;?><?php echo erLhcoreClassBBCodePlain::make_clickable($msg->msg, array('sender' => $msg->user_id)),"\n"?><?php endforeach; ?> \ No newline at end of file +<?php foreach ($messages as $msg ) : + + if (isset($msg->meta_msg) && $msg->meta_msg != '') { + $metaMessageData = json_decode($msg->meta_msg, true); $messageId = isset($triggerMessageId) ? $triggerMessageId : $msg->id; + } else if (isset($metaMessageData)) { + unset($metaMessageData); + } + + if (isset($metaMessageData['content']['whisper']) || empty($msg->msg)) { + continue; + } + + ?><?php if (!isset($remove_meta) || $remove_meta == false ) :?>[<?php echo date(erLhcoreClassModule::$dateDateHourFormat,$msg->time);?>] [<?php echo $msg->user_id == 0 ? htmlspecialchars($chat->nick) : htmlspecialchars($msg->name_support) ?>] <?php endif;?><?php echo erLhcoreClassBBCodePlain::make_clickable($msg->msg, array('sender' => $msg->user_id)),"\n"?><?php endforeach; ?> \ No newline at end of file
lhc_web/design/defaulttheme/tpl/lhform/collected.tpl.php+2 −2 modified@@ -1,4 +1,4 @@ -<h1><?php echo htmlspecialchars($form)?></h1> +<h1 ng-non-bindable><?php echo htmlspecialchars($form)?></h1> <div class="row pb-2"> <div class="col-6"><a href="<?php echo erLhcoreClassDesign::baseurl('form/downloadcollected')?>/<?php echo $form->id?>" class="btn btn-secondary"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('form/collected','Download XLS');?></a></div> @@ -12,7 +12,7 @@ </div> </div> -<table class="table" cellpadding="0" cellspacing="0"> +<table class="table" cellpadding="0" cellspacing="0" ng-non-bindable> <thead> <tr> <th><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('form/collected','Name');?></th>
lhc_web/design/defaulttheme/tpl/lhtheme/admincss.tpl.php+1 −1 modified@@ -182,7 +182,7 @@ <?php endif; ?> <?php if (isset($cssAttributes['buble_operator_background']) || isset($cssAttributes['buble_operator_text_color'])) : ?> - div.message-admin div.msg-body{ + div.message-admin:not(.whisper-msg) div.msg-body{ <?php if (isset($cssAttributes['buble_operator_background'])) : ?>background-color: #<?php echo $cssAttributes['buble_operator_background'];?>;<?php endif; ?> <?php if (isset($cssAttributes['buble_operator_text_color'])) : ?>color: #<?php echo $cssAttributes['buble_operator_text_color'];?>;<?php endif; ?> }
lhc_web/design/defaulttheme/tpl/lhtheme/adminthemeedit.tpl.php+1 −4 modified@@ -1,8 +1,5 @@ -<div class="row"> +<div class="row" ng-non-bindable> <div class="col-10"><h1><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('admintheme/form','Edit theme');?> - <?php echo htmlspecialchars($form->name)?></h1></div> - <?php /*?><div class="col-2"> - <a class="btn btn-secondary" href="?export=1"><i class="material-icons mr-0">file_download</i></a> - </div>*/ ?> </div> <form action="<?php echo erLhcoreClassDesign::baseurl('theme/adminthemeedit')?>/<?php echo $form->id?>" method="post" autocomplete="off" enctype="multipart/form-data">
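Review bot: in msg_obj_list_admin.tpl.php the entire rendering path is delegated to lhchat/syncadmin.tpl.php, which is not part of this diff, so the review cannot confirm that the `htmlspecialchars($msg->msg)`, `htmlspecialchars($chat->nick)` and `htmlspecialchars($msg->name_support)` calls removed here are reproduced there, nor that system messages (`user_id == -1`) and `meta_msg` rendering through meta_render_admin.tpl.php are still handled. Please include syncadmin.tpl.php in the change set or reference the commit that introduced it, and note in a comment that `$messages` is silently retyped from objects to `getState()` arrays before the include, which any other consumer of `$messages` in the same request needs to know.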
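Review bot: in msg_obj_list.tpl.php the old guard `if ($msg->user_id > -1 || $msg->user_id == -2)` is dropped, so the loop now hands every message, including `user_id == -1` system messages, to user_msg_row.tpl.php; confirm that template filters them, since the visitor-facing list never rendered them before. Minor: `$lastOperatorNick = $msg['name_support'];` is assigned inside the `if` branch and again unconditionally two lines later, so the first assignment is redundant and can go.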
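Review bot: in plain.tpl.php, `$messageId` is assigned from `$triggerMessageId` or `$msg->id` but never read in this template, and `$triggerMessageId` is an undocumented caller-supplied variable; either drop the assignment or comment the expected context. Skipping messages with `$metaMessageData['content']['whisper']` is the right call for a plain-text export that may reach the visitor, but the check only runs when `meta_msg` is non-empty on the same row, so a one-line comment stating that assumption would help the next reader.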
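Review bot: in collected.tpl.php, `ng-non-bindable` is the correct complement to `htmlspecialchars($form)` here, since `{{ }}` carries no HTML metacharacters and survives escaping, but it is applied to the `<h1>` and the `<table>` separately while the `<div class="row pb-2">` between them stays bindable; placing the attribute once on the page's outermost container would also cover future additions. Also, `htmlspecialchars($form)` depends on the form object's string conversion, whereas adminthemeedit.tpl.php escapes `$form->name` explicitly; use one style.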
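Review bot: the admincss.tpl.php hunk (`div.message-admin:not(.whisper-msg) div.msg-body`) is a styling change unrelated to the XSS fix and would be easier to audit in its own commit. While here: `$cssAttributes['buble_operator_background']` and `buble_operator_text_color` are echoed into the `<style>` block with only a `#` prefix and no escaping or validation, so a theme setting that is not a colour value lands verbatim in CSS; a `ctype_xdigit()` plus length check before emitting is cheap.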
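Review bot: in adminthemeedit.tpl.php the `ng-non-bindable` scope closes at the `</div>` of the header row, so the `<form>` that follows is still bindable; if the theme name or any other stored attribute is echoed inside that form as a field value, it needs the same treatment. Dropping the commented-out export block is fine.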
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- GHSA-x3g3-jh26-76cf (GitHub Advisory): https://github.com/advisories/GHSA-x3g3-jh26-76cf
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-0375
- Fix commit (x_refsource_MISC): https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102
- huntr.dev report (x_refsource_CONFIRM): https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7
News mentions
No linked articles in our index yet.