CVE-2022-1234 HIGH

CVE-2022-1234: XSS in livehelperchat in livehelperchat/livehelperchat

Vendor Livehelperchat
Product livehelperchat/livehelperchat
Weakness CWE-79 · XSS
Published April 6, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.

Key dates

02Disclosure timeline

April 6, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-57329 WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability CVE-2024-5342 Simple Image Popup Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-1270 Cross-site Scripting in btcpayserver/btcpayserver CVE-2023-46613 WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS) CVE-2025-49304 WordPress Search with Typesense plugin <= 2.0.10 - Cross Site Scripting (XSS) Vulnerability