CVE-2025-51397

Medium CVSS: 5.4

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

Vendor

Livehelperchat

Product

Live Helper Chat

CWE

CWE-779

Yayın Tarihi

2025-07-21 19:15:31

Güncelleme

2025-08-07 01:23:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-779 Live Helper Chat MEDIUM Livehelperchat 2025

Referanslar

https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223 https://github.com/Thewhiteevil/CVE-2025-51397 https://www.dropbox.com/scl/fi/qrbtcv8bir2i8ielguyi3/2025-05-09-13-58-50.mp4?rlkey=thcbqxuzpm37o73j0ywsu3h3u&st=fhird68s&dl=0

Benzer Kayıtlar

Medium

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52,…

Medium

CVE-2025-51398

A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows att…

Medium

CVE-2025-51400

A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attac…

Medium

CVE-2025-51401

A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attacke…

Medium

CVE-2025-51403

A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.…

Medium

CVE-2025-51396

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web sc…