Live Helper Chat
Moderate fix1 remedy
cpe:2.3:a:livehelperchat:live_helper_chat:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 4.61
Live Helper Chat Stored Cross-Site Scripting Vulnerability in Personal Canned Messages
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in Live Helper Chat versions through 4.60. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into Personal Canned Messages. When an admin or operator views the message and attempts to send canned responses, the injected script executes in their browser context.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the message.
Reproduction
To reproduce this vulnerability, log in as an operator and navigate to Personal Canned Messages. Create a new message and inject a script payload, such as an image tag with an 'onerror' event. After saving the message, attempt to use it, which will trigger the execution of the injected script.
Remediation
Users are advised to update Live Helper Chat to version 4.61 or later, where this vulnerability has been fixed.
Added: Jul 21, 2025, 7:26 PM
Updated: Jul 21, 2025, 7:26 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
1.7exploitability
6.5remediation
7.7relevance
0.3threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.