livehelperchat Server-Side Template Injection
livehelperchat 4.28v is vulnerable to Server-Side Template Injection (SSTI).
Advisories for Composer/Remdex/Livehelperchat package
2024
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application :)
Use of Password Hash With Insufficient Computational Effort
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Server-Side Request Forgery (SSRF)
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
Access of Resource Using Incompatible Type ('Type Confusion')
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Improper Neutralization of Input During Web Page Generation (`Cross-site Scripting`)
Stored Cross-site Scripting (XSS) in versions prior to v3.93.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Generation of Error Message Containing Sensitive Information
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
2021
Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-Site Request Forgery (CSRF)
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)