Livehelperchat Live Helper Chat — known CVE vulnerabilities
Every CVE whose affected-product data names Livehelperchat Live Helper Chat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2024-27516 — CVSS 9.8 (critical): Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and…
CVE-2022-0935 — CVSS 8.8 (high): Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
CVE-2022-1235 — CVSS 8.2 (high): Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
CVE-2022-1191 — CVSS 8.1 (high): SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
CVE-2022-1213 — CVSS 8.1 (high): SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application…
CVE-2022-1176 — CVSS 7.5 (high): Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
CVE-2022-0266 — CVSS 6.6 (medium): Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
CVE-2026-27954 — CVSS 6.5 (medium): Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action…
CVE-2025-51403 — CVSS 6.5 (medium): A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers…
CVE-2017-1000059 — CVSS 6.1 (medium): Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of…
CVE-2021-4050 — CVSS 6.1 (medium): livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4169 — CVSS 6.1 (medium): livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4176 — CVSS 6.1 (medium): livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1234 — CVSS 6.1 (medium): XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface…
CVE-2022-1530 — CVSS 6.1 (medium): Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript…
CVE-2025-51400 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute…
CVE-2025-51401 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute…
CVE-2021-4175 — CVSS 5.4 (medium): livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4179 — CVSS 5.4 (medium): livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4132 — CVSS 5.4 (medium): livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-51396 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via…
CVE-2025-51397 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute…
CVE-2025-51398 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute…