Live Helper Chat
CVE-2022-1213
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
AnalysisAI
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 Affected products include: Livehelperchat Live Helper Chat. Version information: prior to 3.67.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Live Helper Chat
View allHost Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated high sev
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severit
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severi
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rat
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Rated medium severity (CVS
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated medium severity (CVSS 6.1)
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today