livehelperchat live helper chat

42 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-27954
<= 4.52
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three cha
6.5 MEDIUM
CVE-2025-51403
<= 4.61
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows
6.5 MEDIUM
CVE-2025-51401
<= 4.61
A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to exec
5.4 MEDIUM
CVE-2025-51400
<= 4.61
A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to ex
5.4 MEDIUM
CVE-2025-51398
<= 4.61
A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to
5.4 MEDIUM
CVE-2025-51397
<= 4.61
A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execut
5.4 MEDIUM
CVE-2025-51396
<= 4.61
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or H
5.4 MEDIUM
CVE-2024-27516
< 4.34
Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary c
9.8 CRITICAL
CVE-2022-1530
< 3.99
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious J
6.1 MEDIUM
CVE-2022-0935
< 3.97
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
8.8 HIGH
CVE-2022-1234
< 3.97
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to de
6.1 MEDIUM
CVE-2022-1235
< 3.96
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
8.2 HIGH
CVE-2022-1213
< 3.97
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the appl
8.1 HIGH
CVE-2022-1176
< 3.96
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
7.5 HIGH
CVE-2022-1191
< 3.96
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.
8.1 HIGH
CVE-2022-0612
<= 3.92
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4 MEDIUM
CVE-2022-0502
<= 3.92
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4 MEDIUM
CVE-2022-0395
< 3.93
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4 MEDIUM
CVE-2022-0394
< 3.93
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4 MEDIUM
CVE-2022-0387
< 3.93v
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4 MEDIUM
CVE-2022-0370
< 3.93v
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4 MEDIUM
CVE-2022-0375
< 3.93
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
4.8 MEDIUM
CVE-2022-0374
< 3.93
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
5.4 MEDIUM
CVE-2022-0266
< 3.92
Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
6.6 MEDIUM
CVE-2022-0245
< 2.0
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.
4.3 MEDIUM
CVE-2022-0253
< 3.91
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5.4 MEDIUM
CVE-2022-0226
< 2.0
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
4.3 MEDIUM
CVE-2022-0231
<= 3.91
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
6.5 MEDIUM
CVE-2022-0083
< 3.91
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
5.3 MEDIUM
CVE-2021-4176
< 3.91
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1 MEDIUM
CVE-2021-4175
< 3.91
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5.4 MEDIUM
CVE-2021-4179
< 3.91
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5.4 MEDIUM
CVE-2021-4177
< 3.91
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
5.3 MEDIUM
CVE-2021-4169
<= 3.90
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1 MEDIUM
CVE-2021-4131
< 2.0
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
8.8 HIGH
CVE-2021-4132
<= 3.90
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5.4 MEDIUM
CVE-2021-4123
< 2.0
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
6.5 MEDIUM
CVE-2021-4050
all versions
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1 MEDIUM
CVE-2021-4049
< 2.0
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
6.5 MEDIUM
CVE-2020-26135
< 3.44
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.
6.1 MEDIUM
CVE-2020-26134
< 3.44
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.
6.1 MEDIUM
CVE-2017-1000059
<= 2.06
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execut
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin