Stored Cross-Site Scripting Vulnerability in Live Helper Chat by Live Helper Chat
CVE-2026-0483

6.9MEDIUM

Key Information:

Vendor: Livehelperchat
Status: Livehelperchat
Vendor: CVE Published:; 28 January 2026

🔔 Create Livehelperchat Vulnerability Alert

What is CVE-2026-0483?

A stored Cross-Site Scripting (XSS) vulnerability exists in the PDF file upload feature of Live Helper Chat, affecting versions prior to 4.72. By exploiting this vulnerability, an attacker can upload a specially crafted PDF file containing malicious XSS code. When a user downloads and opens the file through the link provided by the application, the malicious script is executed in the user's context, allowing the attacker to execute arbitrary JavaScript code. This can potentially compromise user sessions and lead to unauthorized actions within the application.

Affected Version(s)

LiveHelperChat 0 < 4.72

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2026
Vulnerability Reserved
Dec 9, 2025

Credit

Miguel Jimenez Camara

CVE-2026-0483 Data

JSON