Stored XSS Vulnerability in Live Helper Chat Plugin by Live Helper Chat
CVE-2020-26134

6.1MEDIUM

Key Information:

Vendor

Livehelperchat

Status
Live Helper Chat
Vendor
CVE Published:
2 October 2020

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2020-26134?

Live Helper Chat prior to version 3.44 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows an attacker to embed malicious scripts within chat messages that can be executed when viewed by an operator. Exploiting this vulnerability can lead to unauthorized actions and potential data theft. Users are strongly advised to update to version 3.44 or later to mitigate this risk and enhance their security posture.

References

https://livehelperchat.com/3.44v-security-update-and-few-...
x_refsource_MISC
https://github.com/LiveHelperChat/livehelperchat/commit/a...
x_refsource_MISC
https://github.com/rekter0/exploits/tree/master/CVE-2020-...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.