Skip to main content

Live Helper Chat

23 CVEs product

Monthly

CVE-2026-27954 MEDIUM This Month

Live Helper Chat is an open-source application that enables live support websites. [CVSS 6.5 MEDIUM]

PHP Privilege Escalation Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-27516 PHP CRITICAL PATCH Act Now

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE PHP Command Injection Live Helper Chat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-1530 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-0935 HIGH POC PATCH This Week

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Live Helper Chat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-1234 MEDIUM POC PATCH This Month

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1235 PHP HIGH POC PATCH This Week

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2022-1213 PHP HIGH POC PATCH This Week

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Live Helper Chat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-1176 PHP HIGH POC PATCH This Week

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-1191 HIGH POC PATCH This Week

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SSRF Live Helper Chat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-0083 PHP MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-4176 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-4175 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-4179 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-4177 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-4169 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-4131 PHP HIGH POC PATCH This Week

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-4132 PHP MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-4123 PHP MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-4050 PHP MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-4049 PHP MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-26135 MEDIUM POC PATCH This Month

Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-26134 MEDIUM POC PATCH This Month

Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2017-1000059 MEDIUM This Month

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Live Helper Chat
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Live Helper Chat is an open-source application that enables live support websites. [CVSS 6.5 MEDIUM]

PHP Privilege Escalation Live Helper Chat
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE PHP Command Injection +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Live Helper Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 1% CVSS 8.2
HIGH POC PATCH This Week

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Live Helper Chat
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Live Helper Chat
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SSRF Live Helper Chat
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Live Helper Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Live Helper Chat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy