Skip to main content

CVE-2026-0483

Cross-site Scripting (XSS) (CWE-79)
2026-01-28 cve-coordination@incibe.es

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 28, 2026 - 12:15 nvd
N/A

DescriptionCVE.org

Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user's local context.

AnalysisAI

Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72.

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the PDF file upload component of version. Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user's local context.

Affected ProductsAI

Product: version. Versions: up to 4.72.. Component: PDF file upload.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.

Share

CVE-2026-0483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy