CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4050 – Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
https://notcve.org/view.php?id=CVE-2021-4050
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') livehelperchat es vulnerable a una Neutralización inapropiada de la Entrada Durante la Generación de la Página Web ("Cross-site Scripting") • https://github.com/livehelperchat/livehelperchat/commit/0ce1dd2a13509747c240c8484228a5df8d6e03ec https://huntr.dev/bounties/27eb39d7-7636-4c4b-922c-a2f8fbe1ba05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4049 – Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
https://notcve.org/view.php?id=CVE-2021-4049
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) livehelperchat es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57 https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26135
https://notcve.org/view.php?id=CVE-2020-26135
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. Live Helper Chat versiones anteriores a 3.44v, permite un ataque de tipo XSS reflejado por medio de PATH_INFO de la función setsettingajax • https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58 https://github.com/rekter0/exploits/tree/master/CVE-2020-26134 https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26134
https://notcve.org/view.php?id=CVE-2020-26134
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. Live Helper Chat versiones anteriores a 3.44v, permite un ataque de tipo XSS almacenado en mensajes de chat con un operador mediante BBCode • https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58 https://github.com/rekter0/exploits/tree/master/CVE-2020-26134 https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000059
https://notcve.org/view.php?id=CVE-2017-1000059
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. En Live Helper Chat versión 2.06v y anteriores, es vulnerable a un problema de tipo Cross-Site Scripting en el manejador del encabezado HTTP resultando en la ejecución de cualquier código Javascript provisto por el usuario en la sesión de otros usuarios. • https://www.compass-security.com/research/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •