GSA_kwCzR0hTQS14M2czLWpoMjYtNzZjZs0m0g

Moderate EPSS: 0.00357% (0.57154 Percentile) EPSS:

Permalink JSON

Cross-site Scripting in livehelperchat

Affected Packages	Affected Versions	Fixed Versions
packagist:remdex/livehelperchat	< 3.93	3.93
0 Dependent packages 5 Dependent repositories 372 Downloads total Affected Version Ranges All affected versions All unaffected versions

LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0375
https://github.com/livehelperchat/livehelperchat/commit/bbfaa26ce54a2a86ce1a42a16496038f5bdfc102
https://huntr.dev/bounties/28e1c356-6eaa-4d93-af56-938e3b4d40a7
https://github.com/advisories/GHSA-x3g3-jh26-76cf

Identifiers

GHSA-x3g3-jh26-76cf

CVE-2022-0375

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00357

EPSS Percentile: 0.57154

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/livehelperchat/livehelperchat

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories