Livehelperchat Live_helper_chat

38 CVEs affecting Livehelperchat Live_helper_chat. Latest disclosed: 2026-02-26. Critical: 1, High: 6.

Top CVEs affecting Livehelperchat Live_helper_chat
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-27516 | Critical | 9.8 | 2024-02-29 | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive info… |
| CVE-2022-0935 | High | 8.8 | 2022-04-07 | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
| CVE-2021-4131 | High | 8.8 | 2021-12-18 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2022-1235 | High | 8.2 | 2022-04-05 | Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
| CVE-2022-1213 | High | 8.1 | 2022-04-05 | SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary req… |
| CVE-2022-1191 | High | 8.1 | 2022-03-31 | SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
| CVE-2022-1176 | High | 7.5 | 2022-03-31 | Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
| CVE-2022-0266 | Medium | 6.6 | 2022-01-19 | Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v. |
| CVE-2026-27954 | Medium | 6.5 | 2026-02-26 | Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdacti… |
| CVE-2025-51403 | Medium | 6.5 | 2025-07-21 | A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrar… |
| CVE-2022-0231 | Medium | 6.5 | 2022-01-14 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4123 | Medium | 6.5 | 2021-12-16 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4049 | Medium | 6.5 | 2021-12-07 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2022-1530 | Medium | 6.1 | 2022-04-29 | Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application. |
| CVE-2022-1234 | Medium | 6.1 | 2022-04-06 | XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in comp… |
| CVE-2021-4176 | Medium | 6.1 | 2021-12-29 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4169 | Medium | 6.1 | 2021-12-26 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4050 | Medium | 6.1 | 2021-12-08 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2020-26135 | Medium | 6.1 | 2020-10-02 | Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. |
| CVE-2020-26134 | Medium | 6.1 | 2020-10-02 | Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. |