Live Helper Chat
CVE-2022-1235
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
AnalysisAI
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-916. Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Affected products include: Livehelperchat Live Helper Chat. Version information: prior to 3.96..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Live Helper Chat
View allHost Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated high sev
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. Rated high severity (
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severi
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rat
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Rated medium severity (CVS
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated medium severity (CVSS 6.1)
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Ra
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today