VYPR
Vendor

Live Helper Chat

Products
1
CVEs
13
Across products
13
Status
Private

Products

1

Recent CVEs

13
  • CVE-2026-44633HigMay 14, 2026
    risk 0.53cvss 8.1epss 0.00

    Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object…

  • CVE-2026-0483MedJan 28, 2026
    risk 0.45cvss epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the…

  • CVE-2017-1000059MedJul 17, 2017
    risk 0.40cvss 6.1epss 0.01

    Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.

  • CVE-2025-51403MedJul 21, 2025
    risk 0.03cvss 6.5epss 0.02

    A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.

  • CVE-2025-51401MedJul 21, 2025
    risk 0.03cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.

  • CVE-2025-51400MedJul 21, 2025
    risk 0.03cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

  • CVE-2025-51398MedJul 21, 2025
    risk 0.03cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

  • CVE-2025-51397MedJul 21, 2025
    risk 0.03cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

  • CVE-2025-51396MedJul 21, 2025
    risk 0.03cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.

  • CVE-2026-27954Feb 26, 2026
    risk 0.00cvss epss 0.00

    Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling…

  • CVE-2020-26135MedOct 2, 2020
    risk 0.00cvss 6.1epss 0.01

    Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.

  • CVE-2020-26134MedOct 2, 2020
    risk 0.00cvss 6.1epss 0.01

    Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.

  • CVE-2006-2394May 16, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.