Cross-site Scripting (XSS) in livehelperchat/livehelperchat

Valid

Reported on

Apr 26th 2022


Proof of Concept

1) Log in to the web application
2) Navigate to the URL below
URL: https://demo.livehelperchat.com/site_admin/system/languages/(updated)/true/(sa)/HEXX%22%3E%3Ca%20onmouseover=alert(11122)%3EDEXX%3Ca

Image PoC below:

[Image: BurpSuite request]
[Image: XSS trigger in browser]

Impact

An attacker can execute malicious JS in the application :)
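
The following regression check is an added example, not part of the original report or the project's fix. It decodes the `(sa)` path parameter from the PoC URL, reflects it into a hypothetical double-quoted attribute sink (an assumption, since the report does not show the affected template), and compares raw interpolation with HTML-escaped output.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# URL taken from the report's proof of concept.
POC_URL = ("https://demo.livehelperchat.com/site_admin/system/languages/"
           "(updated)/true/(sa)/HEXX%22%3E%3Ca%20onmouseover=alert(11122)%3EDEXX%3Ca")

def path_params(url):
    """Parse '/(name)/value' pairs from the URL path, percent-decoding each value."""
    parts = urlsplit(url).path.split("/")
    return {name[1:-1]: unquote(value) for name, value in zip(parts, parts[1:])
            if name.startswith("(") and name.endswith(")")}

# Hypothetical sink (assumption): the value is reflected into a double-quoted attribute.
TEMPLATE = '<form><input type="hidden" name="sa" value="{}"></form>'

def render_unsafe(value):
    return TEMPLATE.format(value)  # raw interpolation, no output encoding

def render_safe(value):
    return TEMPLATE.format(escape(value, quote=True))  # encodes & < > " '

class Audit(HTMLParser):
    """Collect start tags and on* event-handler attributes from rendered markup."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [(tag, name) for name, _ in attrs if name.startswith("on")]

def audit(markup):
    parser = Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers

def breaks_out(render, value):
    """True if reflecting value changes the tag structure or adds an event handler."""
    baseline, _ = audit(render("x"))
    tags, handlers = audit(render(value))
    return tags != baseline or bool(handlers)

if __name__ == "__main__":
    sa = path_params(POC_URL)["sa"]
    print("unsafe render breaks out:", breaks_out(render_unsafe, sa))
    print("safe render breaks out:  ", breaks_out(render_safe, sa))
```

In PHP, the language Live Helper Chat is written in, the equivalent output encoding is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.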

We are processing your report and will contact the livehelperchat team within 24 hours. a month ago
Remigijus Kiminas validated this vulnerability a month ago
AggressiveUser has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Remigijus Kiminas confirmed that a fix has been merged on edef7a a month ago
The fix bounty has been dropped
AggressiveUser
a month ago

Researcher


@maintainer can I have a CVE for this report? If it's possible, please mention the @admin for it.

Jamie Slome
a month ago

Admin


Sorted 👍 The CVE should be published shortly...
