Livehelperchat
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0083 | | Med | 0.28 | 5.3 | 0.01 | | Jan 4, 2022 | livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information |
| CVE-2021-4132 | | Med | 0.28 | 5.4 | 0.01 | | Dec 17, 2021 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2022-0375 | | Med | 0.24 | 4.8 | 0.01 | | Jan 26, 2022 | Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. |
| CVE-2022-0245 | | Med | 0.21 | 4.3 | 0.00 | | Jan 18, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0. |
| CVE-2022-0226 | | Med | 0.21 | 4.3 | 0.00 | | Jan 14, 2022 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2026-27954 | | | 0.00 | — | 0.00 | | Feb 26, 2026 | Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling… |
| CVE-2024-27516 | | | 0.00 | — | 0.01 | | Feb 28, 2024 | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php. |
| CVE-2022-0935 | | High | 0.00 | 8.8 | 0.01 | | Apr 7, 2022 | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
| CVE-2022-1234 | | Med | 0.00 | 6.1 | 0.01 | | Apr 6, 2022 | XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device. |
| CVE-2022-1191 | | High | 0.00 | 8.1 | 0.01 | | Mar 31, 2022 | SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
| CVE-2021-4176 | | Med | 0.00 | 6.1 | 0.01 | | Dec 29, 2021 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4175 | | Med | 0.00 | 5.4 | 0.01 | | Dec 29, 2021 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4179 | | Med | 0.00 | 5.4 | 0.00 | | Dec 28, 2021 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4177 | | Med | 0.00 | 5.3 | 0.01 | | Dec 28, 2021 | livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information |
| CVE-2021-4169 | | Med | 0.00 | 6.1 | 0.01 | | Dec 26, 2021 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Page 2 of 2