CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1530 – Cross-site Scripting (XSS) in livehelperchat/livehelperchat
https://notcve.org/view.php?id=CVE-2022-1530
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application. Cross-site Scripting (XSS) en el repositorio de GitHub livehelperchat/livehelperchat anterior a 3.99v. El atacante puede ejecutar JavaScript malicioso en la aplicación • https://github.com/livehelperchat/livehelperchat/commit/edef7a8387be718d0de2dfd1e722789afb0461bc https://huntr.dev/bounties/8fd8de01-7e83-4324-9cc8-a97acb9b70d6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0935 – Host Header injection in password Reset in livehelperchat/livehelperchat
https://notcve.org/view.php?id=CVE-2022-0935
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Una Inyección de Encabezado de Host en el restablecimiento de la contraseña en el repositorio de GitHub livehelperchat/livehelperchat versiones anteriores a 3.97 • https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7 https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2 • CWE-116: Improper Encoding or Escaping of Output CWE-840: Business Logic Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1234 – XSS in livehelperchat in livehelperchat/livehelperchat
https://notcve.org/view.php?id=CVE-2022-1234
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device. Una vulnerabilidad de tipo XSS en livehelperchat en el repositorio de GitHub livehelperchat/livehelperchat versiones anteriores a 3.97. Esta vulnerabilidad presenta el potencial de desfigurar sitios web, resultar en cuentas de usuario comprometidas, y puede ejecutar código malicioso en las páginas web, lo que puede conllevar a un compromiso del dispositivo del usuario • https://github.com/livehelperchat/livehelperchat/commit/a09aa0d793818dc4cae78ac4bcfb557d4fd2a30d https://huntr.dev/bounties/0d235252-0882-4053-85c1-b41b94c814d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1235 – Weak secrethash can be brute-forced in livehelperchat/livehelperchat
https://notcve.org/view.php?id=CVE-2022-1235
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Puede forzarse un secrethash débil en el repositorio de GitHub livehelperchat/livehelperchat versiones anteriores a 3.96 • https://github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc https://huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1213 – SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat
https://notcve.org/view.php?id=CVE-2022-1213
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 Una omisión del filtro SSRF en el puerto 80, 433 en el repositorio de GitHub livehelperchat/livehelperchat versiones anteriores a 3.67v. Un atacante podría hacer que la aplicación llevara a cabo peticiones arbitrarias, omitiendo CVE-2022-1191 • https://github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111 https://huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1 • CWE-918: Server-Side Request Forgery (SSRF) •