Skip to main content

Livehelperchat

1 CVEs product

Monthly

CVE-2026-44633 HIGH PATCH This Week

Privilege escalation and cross-site scripting in Live Helper Chat 4.84v allows authenticated REST API users to manipulate chats outside their authorized departments and inject malicious JavaScript into operator sessions. Attackers with low-privilege lhchat/use access can modify arbitrary chat object fields including chat hash, status, and operation_admin properties, enabling unauthorized data access through visitor/widget paths and code execution in operator contexts. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.

Authentication Bypass Livehelperchat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Privilege escalation and cross-site scripting in Live Helper Chat 4.84v allows authenticated REST API users to manipulate chats outside their authorized departments and inject malicious JavaScript into operator sessions. Attackers with low-privilege lhchat/use access can modify arbitrary chat object fields including chat hash, status, and operation_admin properties, enabling unauthorized data access through visitor/widget paths and code execution in operator contexts. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.

Authentication Bypass Livehelperchat
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy