Live Helper Chat
cpe:2.3:a:livehelperchat:live_helper_chat:*:*:*:*:*:*:*
- <= 4.61
A stored cross-site scripting vulnerability has been identified in Live Helper Chat versions through 4.60. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the operator name parameter. The issue arises in the chat transfer function, where the injected script is executed in the context of the receiving operator's chat interface.
Successful exploitation results in stored cross-site scripting: the injected script executes in the context of the operator who receives the chat transfer.
To reproduce this vulnerability, log in as an operator and navigate to the operator settings page. In the 'Name' field, inject a script payload, such as an image tag with an 'onerror' event. After saving the changes, initiate a chat with a visitor and transfer the chat to another operator. The injected script will execute in the receiving operator's chat interface.
Users can update to Live Helper Chat version 4.61 or later, where this vulnerability has been fixed.
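The defence against this class of bug, as an added example that is not Live Helper Chat source code and not part of the advisory: encode the stored operator name when it is rendered into a transfer notice, and after upgrading check already-stored names for markup. The function names, the notice markup and the sample records are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical names and markup, not Live Helper Chat code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a stored value for use in HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored operator name is concatenated into
// markup unchanged, so any tag in the name becomes live HTML for the
// operator who receives the transfer.
function renderTransferNoticeUnsafe(operatorName) {
  return '<div class="transfer">Chat transferred by ' + operatorName + '</div>';
}

// Hardened pattern: encode at the point of output, whatever was stored.
function renderTransferNoticeSafe(operatorName) {
  return '<div class="transfer">Chat transferred by ' +
    escapeHtml(operatorName) + '</div>';
}

// Audit helper: return ids of stored operator records whose name contains
// angle brackets. Apostrophes and ampersands occur in real names, so they
// are encoded on output but not flagged here.
function findSuspectNames(operators) {
  return operators.filter((op) => /[<>]/.test(op.name)).map((op) => op.id);
}

// Constructed sample records (not taken from any real installation).
const sampleOperators = [
  { id: 1, name: 'Alice Support' },
  { id: 2, name: '<img src=x onerror=alert(1)>' },
  { id: 3, name: "Dana O'Neil" },
];

for (const op of sampleOperators) {
  console.log(op.id, renderTransferNoticeSafe(op.name));
}
console.log('records to review:', findSuspectNames(sampleOperators));
```

A payload saved before the upgrade remains in the stored record, which is why the audit step is useful alongside the version update.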