Cross-site Scripting (XSS) in livehelperchat/livehelperchat


Reported on

Apr 26th 2022

Proof of Concept

1) Log in to the web application
2) Navigate to the URL below
URL :-

Below are some PoC images:

[Images: BurpSuite Request; XSS Trigger in Browser]


An attacker can execute malicious JS on the application :)

We are processing your report and will contact the livehelperchat team within 24 hours. a year ago
Remigijus Kiminas validated this vulnerability a year ago
AggressiveUser has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Remigijus Kiminas marked this as fixed in 3.99v with commit edef7a a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
a year ago


@maintainer can I have a CVE for this report? If it's possible, please mention the @admin for it.

Jamie Slome
a year ago


Sorted 👍 The CVE should be published shortly...
