Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Live Helper Chat before 3.93v is vulnerable to stored XSS via the logo image URL field in theme settings.
Vulnerability
A stored Cross-Site Scripting (XSS) vulnerability exists in Live Helper Chat versions prior to 3.93v. The flaw resides in the theme logo rendering, specifically in the page-layout templates under lhc_web/design/defaulttheme/tpl/pagelayouts/parts. The logo_image_url theme setting is written into the page without proper sanitization, allowing an attacker to inject arbitrary JavaScript that executes in the context of any user viewing the affected page [1][2][3][4].
Exploitation
To exploit this vulnerability, an attacker must have administrative access to the theme settings in the Live Helper Chat backend. The attacker sets the logo_image_url field to a malicious payload (e.g., javascript:alert(1) or a crafted URL with an onerror handler). When the theme is saved, the payload is stored server-side. Any user visiting a chat page that loads the configured logo will trigger the malicious script [2][3][4].
Impact
Successful exploitation leads to stored Cross-Site Scripting (XSS), enabling the attacker to execute arbitrary JavaScript in the context of victims who view the compromised logo. This can result in session hijacking, defacement, or theft of sensitive information. The attacker gains the same privileges as the affected user, which may include administrative capabilities [1][3][4].
Mitigation
The vulnerability is fixed in Live Helper Chat version 3.93v. Commit 4d4f1db adds the AngularJS ng-non-bindable attribute to the anchor element wrapping the logo image, which stops AngularJS from compiling that element and its contents, so template expressions stored in attribute values such as the logo URL are not evaluated [2][3]. Users should upgrade to version 3.93v or later. No workaround is available for earlier versions [4].
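The following is an added example, not Live Helper Chat's own code, showing how a template could render the logo with logo_image_url treated as untrusted. It keeps the upstream fix (ng-non-bindable on the anchor, so AngularJS never interpolates expressions inside it) and goes beyond it with two checks the upstream template does not perform: an http/https scheme allowlist with a fallback to the default logo, and attribute escaping with htmlspecialchars. The function names and the default logo path are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Added example (not Live Helper Chat's own code): render the theme logo with
// logo_image_url treated as untrusted input. Function names and the default
// logo path are assumptions. Requires PHP 8.0+ for str_starts_with().

function lhc_safe_logo_url(?string $candidate, string $fallback): string
{
    if ($candidate === null || trim($candidate) === '') {
        return $fallback;
    }
    $candidate = trim($candidate);

    // Site-relative paths (/design/...) are accepted as-is; protocol-relative
    // values (//host/...) are not, since they point off-site without a scheme.
    if (str_starts_with($candidate, '/') && !str_starts_with($candidate, '//')) {
        return $candidate;
    }

    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // no usable scheme+host: //host, bare text, broken URLs
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback; // javascript:, data: and every other scheme are rejected
    }
    return $candidate;
}

function lhc_attr(string $value): string
{
    // ENT_QUOTES escapes both ' and " so the value cannot close the enclosing attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function lhc_render_logo(?string $logoImageUrl, string $companyName): string
{
    $default = '/design/defaulttheme/images/general/logo_user.png'; // assumed default path
    $src = lhc_safe_logo_url($logoImageUrl, $default);

    // ng-non-bindable mirrors the upstream fix: AngularJS leaves this subtree alone,
    // so a stored {{ }} expression in the theme settings is rendered as literal text.
    return '<a ng-non-bindable rel="noreferrer" class="back-logo" target="_blank"'
        . ' title="' . lhc_attr($companyName) . '">'
        . '<img class="img-fluid" src="' . lhc_attr($src) . '"'
        . ' alt="' . lhc_attr($companyName) . '"></a>';
}

// Constructed inputs: the first two are accepted, the rest fall back to the default logo.
$cases = [
    'https://cdn.example/logo.png',
    '/design/custom/logo.png',
    '//cdn.example/logo.png',
    'javascript:alert(1)',
    '" onerror="alert(1)',
];
foreach ($cases as $case) {
    echo lhc_render_logo($case, 'Example & Co'), PHP_EOL;
}
```

Scheme validation belongs at save time as well as at render time: rejecting a bad value when the administrator saves the theme gives immediate feedback, while the render-time fallback protects pages that already have a stored value from before the check existed.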
[1] GitHub - LiveHelperChat/livehelperchat: Live Helper Chat - live support for your website. Featuring web and mobile apps, Voice & Video & ScreenShare. Supports Telegram, Twilio (whatsapp), Facebook messenger including building a bot.
[2] Non bindable logo · LiveHelperChat/livehelperchat@4d4f1db
[3] NVD - CVE-2022-0612
[4] The world's first bug bounty platform for AI/ML (huntr)
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| remdex/livehelperchat (Packagist) | < 3.93 | 3.93 |
Affected products
3 entries (osv-coords):
- (no CPE) range: < 3.92.0
- (no CPE) range: < 3.93
- livehelperchat/livehelperchat/livehelperchat v5: range unspecified
Patches
4d4f1db1701f Non bindable logo
2 files changed · +2 −2
lhc_web/design/defaulttheme/tpl/pagelayouts/parts/page_head_logo_back_office.tpl.php+1 −1 modified@@ -1 +1 @@ -<a rel="noreferrer" class="navbar-brand back-logo" href="<?php echo erLhcoreClassDesign::baseurl()?>" title="<?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?>"><img class="img-fluid" src="<?php echo erLhcoreClassDesign::design('images/general/logo.png');?>" alt="<?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?>" title="<?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?>"></a> \ No newline at end of file +<a rel="noreferrer" ng-non-bindable class="navbar-brand back-logo" href="<?php echo erLhcoreClassDesign::baseurl()?>" title="<?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?>"><img class="img-fluid" src="<?php echo erLhcoreClassDesign::design('images/general/logo.png');?>" alt="<?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?>" title="<?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?>"></a> \ No newline at end of file
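Review bot: the ng-non-bindable added to the back-office anchor is defence in depth only, since this template renders a static logo (erLhcoreClassDesign::design('images/general/logo.png')) and already passes customer_company_name through htmlspecialchars for title and alt, so no theme-controlled value reaches it. The commit message "Non bindable logo" should say which of the two templates carried the actual sink (the theme-controlled logo_image_url) and why this one is changed as well, otherwise a reader of the history cannot tell the hardening from the fix.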
lhc_web/design/defaulttheme/tpl/pagelayouts/parts/page_head_logo.tpl.php+1 −1 modified@@ -1 +1 @@ -<a rel="noreferrer" class="back-logo" href="<?php if (isset($Result['theme']) !== false && $Result['theme']->widget_copyright_url != '') : ?><?php echo htmlspecialchars($Result['theme']->widget_copyright_url) ?><?php else : ?><?php echo erLhcoreClassModelChatConfig::fetch('customer_site_url')->current_value?><?php endif;?>" target="_blank" title="<?php if (isset($Result['theme'])) : ?><?php echo htmlspecialchars($Result['theme']->name_company)?><?php else : ?><?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?><?php endif;?>"><img class="img-fluid" src="<?php if (isset($Result['theme']) && $Result['theme']->logo_image_url !== false) : ?><?php echo $Result['theme']->logo_image_url;?><?php else : ?><?php echo erLhcoreClassDesign::design('images/general/logo_user.png');?><?php endif;?>" alt="<?php if (isset($Result['theme'])) : ?><?php echo htmlspecialchars($Result['theme']->name_company)?><?php else : ?><?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?><?php endif;?>" title="<?php if (isset($Result['theme'])) : ?><?php echo htmlspecialchars($Result['theme']->name_company)?><?php else : ?><?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?><?php endif;?>"></a> \ No newline at end of file +<a ng-non-bindable rel="noreferrer" class="back-logo" href="<?php if (isset($Result['theme']) !== false && $Result['theme']->widget_copyright_url != '') : ?><?php echo htmlspecialchars($Result['theme']->widget_copyright_url) ?><?php else : ?><?php echo erLhcoreClassModelChatConfig::fetch('customer_site_url')->current_value?><?php endif;?>" target="_blank" title="<?php if (isset($Result['theme'])) : ?><?php echo htmlspecialchars($Result['theme']->name_company)?><?php else : ?><?php echo 
htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?><?php endif;?>"><img class="img-fluid" src="<?php if (isset($Result['theme']) && $Result['theme']->logo_image_url !== false) : ?><?php echo $Result['theme']->logo_image_url;?><?php else : ?><?php echo erLhcoreClassDesign::design('images/general/logo_user.png');?><?php endif;?>" alt="<?php if (isset($Result['theme'])) : ?><?php echo htmlspecialchars($Result['theme']->name_company)?><?php else : ?><?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?><?php endif;?>" title="<?php if (isset($Result['theme'])) : ?><?php echo htmlspecialchars($Result['theme']->name_company)?><?php else : ?><?php echo htmlspecialchars(erLhcoreClassModelChatConfig::fetch('customer_company_name')->current_value)?><?php endif;?>"></a> \ No newline at end of file
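Review bot: the `+` line still echoes `$Result['theme']->logo_image_url` into the img src attribute unescaped (`<?php echo $Result['theme']->logo_image_url;?>`), so ng-non-bindable only stops AngularJS interpolation; a stored value containing a double quote can still close the src attribute and supply its own attributes, and a non-http scheme is emitted as-is. Suggest wrapping it in `htmlspecialchars(...)`, matching how `widget_copyright_url` is handled on the same line, and validating the scheme (http/https or a site-relative path) when the theme setting is saved.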
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-h2fj-77wh-fh5w (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-0612 (ghsa; ADVISORY)
- github.com/livehelperchat/livehelperchat/commit/4d4f1db1701f09177896a38e43fd0c693835f03b (ghsa; x_refsource_MISC; WEB)
- huntr.dev/bounties/eadcf7d2-a479-4901-abcc-1505d3f1b32f (ghsa; x_refsource_CONFIRM; WEB)
News mentions
No linked articles in our index yet.