Page 6 of 29 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) livehelperchat es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/livehelperchat/livehelperchat/commit/e7fe1aa6a087d4d21b2e8a0dadd2e08f42acbb57 https://huntr.dev/bounties/62408fa4-2c16-4fcd-8b34-41fcdccb779e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. Live Helper Chat versiones anteriores a 3.44v, permite un ataque de tipo XSS reflejado por medio de PATH_INFO de la función setsettingajax • https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58 https://github.com/rekter0/exploits/tree/master/CVE-2020-26134 https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. Live Helper Chat versiones anteriores a 3.44v, permite un ataque de tipo XSS almacenado en mensajes de chat con un operador mediante BBCode • https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58 https://github.com/rekter0/exploits/tree/master/CVE-2020-26134 https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. En Live Helper Chat versión 2.06v y anteriores, es vulnerable a un problema de tipo Cross-Site Scripting en el manejador del encabezado HTTP resultando en la ejecución de cualquier código Javascript provisto por el usuario en la sesión de otros usuarios. • https://www.compass-security.com/research/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •