Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Valid

Reported on

Aug 24th 2021


✍️ Description

Stored XSS in XMP configuration

🕵️‍♂️ Proof of Concept

Please check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1j1b5XDv2v73539J5MYwxYDe0IPt9yS3f/view?usp=sharing

💥 Impact

The XSS bug allows executing arbitrary JavaScript code.

Occurrences

We have contacted a member of the livehelperchat team and are waiting to hear back 3 months ago
Remigijus Kiminas validated this vulnerability 3 months ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Remigijus Kiminas confirmed that a fix has been merged on f7584a 3 months ago
The fix bounty has been dropped