Livehelperchat Live_helper_chat
38 CVEs affecting Livehelperchat Live_helper_chat. Latest disclosed: 2026-02-26. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-27516 | Critical | 9.8 | 2024-02-29 | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive info… |
CVE-2022-0935 | High | 8.8 | 2022-04-07 | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
CVE-2021-4131 | High | 8.8 | 2021-12-18 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
CVE-2022-1235 | High | 8.2 | 2022-04-05 | Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
CVE-2022-1213 | High | 8.1 | 2022-04-05 | SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary req… |
CVE-2022-1191 | High | 8.1 | 2022-03-31 | SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
CVE-2022-1176 | High | 7.5 | 2022-03-31 | Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
CVE-2022-0266 | Medium | 6.6 | 2022-01-19 | Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v. |
CVE-2026-27954 | Medium | 6.5 | 2026-02-26 | Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdacti… |
CVE-2025-51403 | Medium | 6.5 | 2025-07-21 | A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrar… |
CVE-2022-0231 | Medium | 6.5 | 2022-01-14 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
CVE-2021-4123 | Medium | 6.5 | 2021-12-16 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
CVE-2021-4049 | Medium | 6.5 | 2021-12-07 | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
CVE-2022-1530 | Medium | 6.1 | 2022-04-29 | Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application. |
CVE-2022-1234 | Medium | 6.1 | 2022-04-06 | XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in comp… |
CVE-2021-4176 | Medium | 6.1 | 2021-12-29 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2021-4169 | Medium | 6.1 | 2021-12-26 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2021-4050 | Medium | 6.1 | 2021-12-08 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2020-26135 | Medium | 6.1 | 2020-10-02 | Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. |
CVE-2020-26134 | Medium | 6.1 | 2020-10-02 | Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. |