Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in LiveHelperChat prior to 3.93v allows attackers to inject arbitrary JavaScript via crafted canned messages.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in LiveHelperChat versions prior to 3.93v. The flaw resides in the canned messages feature, where user-supplied input is not properly sanitized before being rendered in the administrative interface. Specifically, the cannedmsg template and related controllers fail to escape output, allowing an attacker to inject malicious HTML and JavaScript. This affects all installations running a version older than 3.93v [1][2][3].
Exploitation
An attacker must have the ability to create or edit canned messages, which typically requires operator or administrator privileges within the LiveHelperChat application. By crafting a canned message containing a malicious payload, the attacker can store the payload in the database. When other operators or administrators view the list of canned messages, the payload executes in their browser context. No additional user interaction beyond viewing the affected page is required [2][4].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to session hijacking, theft of sensitive data (e.g., chat transcripts, user credentials), defacement of the administrative interface, or further attacks against other users. The impact is limited to users with access to the canned messages management pages, but given the administrative nature of those users, the compromise can be severe [3][4].
Mitigation
The vulnerability is fixed in LiveHelperChat version 3.93v. Users should upgrade to this version or later immediately. The fix is implemented in commit d3b107aaa8ec10816acc762d60e7321079c21706, which properly escapes output in the canned message templates [2]. No workarounds are available for earlier versions. The CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [3].
- [1] GitHub - LiveHelperChat/livehelperchat: Live Helper Chat - live support for your website. Featuring web and mobile apps, Voice & Video & ScreenShare. Supports Telegram, Twilio (whatsapp), Facebook messenger including building a bot.
- [2] Canned messages fixes · LiveHelperChat/livehelperchat@d3b107a
- [3] NVD - CVE-2022-0502
- [4] huntr.dev - The world's first bug bounty platform for AI/ML
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| remdex/livehelperchat (Packagist) | < 3.93 | 3.93 |
Affected products (3)
- osv-coords (2 versions)
  - (no CPE) range: < 3.92.0
  - (no CPE) range: < 3.93
- livehelperchat/livehelperchat/livehelperchat v5: range unspecified
Patches (1)
- d3b107aaa8ec: Canned messages fixes (2 files changed, +4 −4)
lhc_web/design/defaulttheme/tpl/lhchat/cannedmsgform.tpl.php+1 −1 modified@@ -3,7 +3,7 @@ var languageDialects = <?php echo json_encode(array_values(erLhcoreClassModelSpeechLanguageDialect::getDialectsGrouped()))?>; </script> -<div id="canned-controller" ng-controller="CannedMsgCtrl as cmsg" ng-cloak ng-init='cmsg.initController()<?php if ($canned_message->languages != '') : ?>cmsg.initLanguage(<?php echo $canned_message->id?>);<?php endif;?>'> +<div id="canned-controller" ng-controller="CannedMsgCtrl as cmsg" ng-cloak ng-init='cmsg.initController();<?php if ($canned_message->languages != '') : ?>cmsg.initLanguage(<?php echo $canned_message->id?>);<?php endif;?>'> <ul class="nav nav-pills" role="tablist" id="canned-main-tabs"> <li role="presentation" class="nav-item" ><a class="nav-link active" href="#main" aria-controls="main" role="tab" data-toggle="tab" ><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('chat/cannedmsg','Main');?></a></li>
lhc_web/design/defaulttheme/tpl/lhuser/parts/canned_messages.tpl.php+3 −3 modified@@ -66,7 +66,7 @@ var languageDialects = <?php echo json_encode(array_values(erLhcoreClassModelSpeechLanguageDialect::getDialectsGrouped()))?>; </script> -<form ng-controller="CannedMsgCtrl as cmsg" ng-init='cmsg.iniController();<?php if ($canned_msg->languages != '') : ?>cmsg.initLanguage(<?php echo ($canned_msg->id > 0 ? $canned_msg->id : 0)?>);<?php endif;?>' action="<?php if ($canned_msg->id > 0) : ?><?php echo erLhcoreClassDesign::baseurl('user/account')?>/(tab)/canned/(msg)/<?php echo $canned_msg->id?><?php endif;?>#canned" method="post"> +<form ng-controller="CannedMsgCtrl as cmsg" ng-init='cmsg.initController();<?php if ($canned_msg->languages != '') : ?>cmsg.initLanguage(<?php echo ($canned_msg->id > 0 ? $canned_msg->id : 0)?>);<?php endif;?>' action="<?php if ($canned_msg->id > 0) : ?><?php echo erLhcoreClassDesign::baseurl('user/account')?>/(tab)/canned/(msg)/<?php echo $canned_msg->id?><?php endif;?>#canned" method="post"> <ul class="nav nav-pills" role="tablist" id="canned-main-tabs"> <li class="nav-item" role="presentation" ><a class="nav-link active"href="#main" aria-controls="main" role="tab" data-toggle="tab" ><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/account','Main');?></a></li> 
@@ -118,13 +118,13 @@ <label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('chat/cannedmsg','Message');?>*</label> <?php $bbcodeOptions = array('selector' => '#canned-message'); ?> <?php include(erLhcoreClassDesign::designtpl('lhbbcode/toolbar.tpl.php')); ?> - <textarea class="form-control" rows="5" name="Message" id="canned-message"><?php echo htmlspecialchars($canned_msg->msg);?></textarea> + <textarea class="form-control" ng-non-bindable rows="5" name="Message" id="canned-message"><?php echo htmlspecialchars($canned_msg->msg);?></textarea> </div> <div class="form-group"> <label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('chat/cannedmsg','Fallback message');?></label> <?php $bbcodeOptions = array('selector' => '#id-FallbackMessage'); ?> <?php include(erLhcoreClassDesign::designtpl('lhbbcode/toolbar.tpl.php')); ?> - <textarea class="form-control" rows="5" name="FallbackMessage" id="id-FallbackMessage"><?php echo htmlspecialchars($canned_msg->fallback_msg);?></textarea> + <textarea class="form-control" ng-non-bindable rows="5" name="FallbackMessage" id="id-FallbackMessage"><?php echo htmlspecialchars($canned_msg->fallback_msg);?></textarea> </div> </div> <?php $canned_message = $canned_msg; ?>
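Review bot: In the cannedmsgform.tpl.php hunk, the only change is the missing `;` between `cmsg.initController()` and the PHP-conditional `cmsg.initLanguage(...)` call inside `ng-init`, which is a JavaScript syntax fix unrelated to the advisory; while touching this line, `<?php echo $canned_message->id?>` is echoed into the attribute without an explicit `(int)` cast, which would make it clear that no string can reach the `ng-init` expression from that value. Consider splitting unrelated fixes out of a security commit, or at least naming them in the commit message.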
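Review bot: The first canned_messages.tpl.php hunk corrects the typo `cmsg.iniController()` to `cmsg.initController()` in the form's `ng-init`; that is a functional fix (the controller was never initialised on this page), not part of the XSS fix, and the commit message "Canned messages fixes" does not say which of the bundled changes addresses the reported issue. A short note in the message pointing at the `ng-non-bindable` change would help anyone auditing the advisory against this commit.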
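Review bot: In the second canned_messages.tpl.php hunk, both `<textarea>` elements already wrap their content in `htmlspecialchars(...)`, so the defect being fixed is not missing HTML escaping but AngularJS interpolating `{{ ... }}` expressions from the stored message inside the `ng-controller="CannedMsgCtrl as cmsg"` scope; adding `ng-non-bindable` stops Angular from compiling that subtree, which is the right fix here and should be documented as such (the AI narrative above describes it as an escaping fix, which this diff does not support). The diff only covers the edit form's Message and FallbackMessage fields; any other template that renders `$canned_msg->msg` or `$canned_msg->fallback_msg` inside an Angular-controlled element (for example a listing view) needs the same attribute, since HTML escaping alone does not neutralise interpolation markers.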
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
- github.com/advisories/GHSA-57qf-82hh-2hmc (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-0502 (ghsa: ADVISORY)
- github.com/livehelperchat/livehelperchat/commit/d3b107aaa8ec10816acc762d60e7321079c21706 (ghsa: x_refsource_MISC, WEB)
- huntr.dev/bounties/34f2aa30-de7f-432a-8749-b43d2774140f (ghsa: x_refsource_CONFIRM, WEB)
News mentions (0)
No linked articles in our index yet.