CNNVD-202507-2703 Information
CNNVD ID
CNNVD-202507-2703
Related CVE
- CNNVD Published: 2025-07-21
Description (Chinese)
live helper chat是个人开发者的一款开源的支持在线聊天的插件。为web平台提供聊天功能。 live helper chat v4.60版本存在安全漏洞,该漏洞源于对chat transfer功能中operator name参数输入验证不足,可能导致存储型跨站脚本攻击。
Description (English)
Live help chat is an open-source, online chat support plugin for personal developers. Chat for web platforms. There is a security loophole in version five helper chat v4.60, which results from inadequate input validation of chart transfer parameters, which may lead to storage-type cross-site script attacks.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-07-21
Last Modified
2026-02-24
References
https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223 https://www.dropbox.com/scl/fi/efzjql0brniphfh5sgrzn/2025-05-09-14-26-26.mp4?rlkey=z4zpec6wsja5xo0ovq0g5g1tt&st=abbp3gtr&dl=0 https://github.com/Thewhiteevil/CVE-2025-51401 https://access.redhat.com/security/cve/cve-2025-51401 https://www.exploit-db.com/exploits/52380
Patch
https://github.com/LiveHelperChat/livehelperchat/releases
Share on: