Live Helper Chat Stored Cross-Site Scripting Vulnerability in Facebook Integration

Vulnerability

A stored cross-site scripting vulnerability has been identified in Live Helper Chat versions through 4.61. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name parameter on the Facebook registration page. The injected script is executed when users with higher privileges, such as administrators, access or edit the integration settings.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the Facebook integration.

Reproduction

To reproduce this vulnerability, log in as an operator and navigate to the Facebook page integration settings. Create a new integration and enter a payload, such as an image tag with an error event handler, into the Name field. After saving, the payload will be executed when higher-privileged users access the integration.

Remediation

Users can update to Live Helper Chat version 4.61 or later, where this vulnerability has been patched.
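Stored XSS of this kind is closed by encoding the stored value when it is written into HTML. The following is an added example, not Live Helper Chat's code and not the actual patch; the function names, the table-cell rendering context and the sample names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Live Helper Chat's templates.

// Vulnerable pattern: the stored Name is concatenated into HTML verbatim,
// so any markup saved by an operator runs in the viewer's session.
function renderNameUnsafe(string $name): string
{
    return '<td>' . $name . '</td>';
}

// Hardened pattern: encode at output time. ENT_QUOTES also covers the case
// where the same value is placed inside a quoted attribute such as value="".
function renderNameSafe(string $name): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<td>' . htmlspecialchars($name, $flags, 'UTF-8') . '</td>';
}

// Audit helper: flag names already stored that contain tag-like markup or
// control characters, so they can be reviewed after upgrading.
function nameNeedsReview(string $name): bool
{
    return preg_match('/<\s*\/?\s*[a-z!]|[\x00-\x08\x0B\x0C\x0E-\x1F]/i', $name) === 1;
}

// Constructed sample rows standing in for saved integration names.
$storedNames = [
    'Support page',
    '<img src=x onerror=alert(1)>',
];

foreach ($storedNames as $name) {
    printf(
        "%-8s %s\n",
        nameNeedsReview($name) ? 'REVIEW' : 'ok',
        renderNameSafe($name)
    );
}
```

Encoding on output makes previously stored values inert once rendered through the safe path; the review flag helps identify which existing integrations were saved with markup in the Name field.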

Added: Jul 21, 2025, 7:28 PM
Updated: Jul 21, 2025, 7:28 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 1.7
exploitability: 6.5
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.