Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Valid

Reported on

Aug 24th 2021


✍️ Description

stored xss XMP configuration

🕵️‍♂️ Proof of Concept

Plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1j1b5XDv2v73539J5MYwxYDe0IPt9yS3f/view?usp=sharing

💥 Impact

xss bug allow to execute arbitary javascript code

Occurrences

We have contacted a member of the livehelperchat team and are waiting to hear back a year ago
Remigijus Kiminas validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Remigijus Kiminas marked this as fixed with commit f7584a a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation