Skip to main content

Live Helper Chat CVE-2022-1213

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2022-04-05 security@huntr.dev
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 05, 2022 - 04:15 nvd
HIGH 8.1

DescriptionNVD

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191

AnalysisAI

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 Affected products include: Livehelperchat Live Helper Chat. Version information: prior to 3.67.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2022-0935 HIGH POC
8.8 Apr 07

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated high sev

CVE-2021-4131 HIGH POC
8.8 Dec 18

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is

CVE-2022-1235 HIGH POC
8.2 Apr 05

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severit

CVE-2022-1191 HIGH POC
8.1 Mar 31

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severi

CVE-2022-1176 HIGH POC
7.5 Mar 31

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rat

CVE-2021-4123 MEDIUM POC
6.5 Dec 16

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability

CVE-2021-4049 MEDIUM POC
6.5 Dec 07

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability

CVE-2022-1530 MEDIUM POC
6.1 Apr 29

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Rated medium severity (CVS

CVE-2022-1234 MEDIUM POC
6.1 Apr 06

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated medium severity (CVSS 6.1)

CVE-2021-4176 MEDIUM POC
6.1 Dec 29

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra

CVE-2021-4169 MEDIUM POC
6.1 Dec 26

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra

CVE-2021-4050 MEDIUM POC
6.1 Dec 08

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra

Share

CVE-2022-1213 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy