Live Helper Chat
1-13 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44633 | | Hig | 0.53 | 8.1 | 0.00 | | May 14, 2026 | Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object… |
| CVE-2026-0483 | | Med | 0.45 | — | 0.00 | | Jan 28, 2026 | Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the… |
| CVE-2017-1000059 | | Med | 0.40 | 6.1 | 0.01 | | Jul 17, 2017 | Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided JavaScript code in the session of other users. |
| CVE-2025-51403 | | Med | 0.03 | 6.5 | 0.02 | | Jul 21, 2025 | A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter. |
| CVE-2025-51401 | | Med | 0.03 | 5.4 | 0.01 | | Jul 21, 2025 | A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter. |
| CVE-2025-51400 | | Med | 0.03 | 5.4 | 0.01 | | Jul 21, 2025 | A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. |
| CVE-2025-51398 | | Med | 0.03 | 5.4 | 0.01 | | Jul 21, 2025 | A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. |
| CVE-2025-51397 | | Med | 0.03 | 5.4 | 0.01 | | Jul 21, 2025 | A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists. |
| CVE-2025-51396 | | Med | 0.03 | 5.4 | 0.01 | | Jul 21, 2025 | A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter. |
| CVE-2026-27954 | | | 0.00 | — | 0.00 | | Feb 26, 2026 | Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling… |
| CVE-2020-26135 | | Med | 0.00 | 6.1 | 0.01 | | Oct 2, 2020 | Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. |
| CVE-2020-26134 | | Med | 0.00 | 6.1 | 0.01 | | Oct 2, 2020 | Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. |
| CVE-2006-2394 | | | 0.00 | — | 0.01 | | May 16, 2006 | Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. |