livehelperchat — Vulnerabilities & Security Advisories (34)

Browse all 34 CVE security advisories affecting livehelperchat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

LiveHelperChat is an open-source live support platform designed to facilitate real-time customer communication through web-based chat interfaces. Its architecture, primarily built on PHP, has historically exposed it to a significant volume of security issues, with thirty-four Common Vulnerabilities and Exposures (CVEs) currently recorded. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls. These flaws frequently allow attackers to execute arbitrary commands, steal session data, or escalate privileges within the application environment. While the project maintains an active development cycle to address these defects, the high count of past incidents highlights the challenges inherent in managing complex, community-driven codebases. Users are advised to prioritize regular updates and strict configuration hardening to mitigate the risk of exploitation against these known weaknesses.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27954 | LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints | livehelperchat | CWE-862 | 8.8 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-0483 | Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat | LiveHelperChat | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2025-7435 | LiveHelperChat lhc-php-resque Extension List list cross site scripting | lhc-php-resque Extension | CWE-79 | 3.5 | Low | 2025-07-11 |
| CVE-2022-1530 | Cross-site Scripting (XSS) in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-04-29 |
| CVE-2022-0935 | Host Header injection in password Reset in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-840 | 8.8 | - | 2022-04-07 |
| CVE-2022-1234 | XSS in livehelperchat in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 8.8 | - | 2022-04-06 |
| CVE-2022-1235 | Weak secrethash can be brute-forced in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-916 | 5.3 | - | 2022-04-05 |
| CVE-2022-1213 | SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-918 | 8.1 | - | 2022-04-05 |
| CVE-2022-1176 | Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-843 | 7.5 | - | 2022-03-31 |
| CVE-2022-1191 | SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-918 | 6.5 | - | 2022-03-31 |
| CVE-2022-0612 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-02-16 |
| CVE-2022-0502 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-02-06 |
| CVE-2022-0395 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-01-28 |
| CVE-2022-0394 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-01-28 |
| CVE-2022-0370 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-01-27 |
| CVE-2022-0387 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-01-27 |
| CVE-2022-0375 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-01-26 |
| CVE-2022-0374 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 5.4 | - | 2022-01-26 |
| CVE-2022-0266 | Authorization Bypass Through User-Controlled Key in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-639 | 6.8 | - | 2022-01-19 |
| CVE-2022-0245 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-352 | 6.5 | - | 2022-01-18 |
| CVE-2022-0253 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 6.1 | - | 2022-01-17 |
| CVE-2022-0226 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-352 | 4.3 | - | 2022-01-14 |
| CVE-2022-0231 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-352 | 4.3 | - | 2022-01-14 |
| CVE-2022-0083 | Generation of Error Message Containing Sensitive Information in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-209 | 5.3 | - | 2022-01-04 |
| CVE-2021-4175 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 6.1 | - | 2021-12-29 |
| CVE-2021-4176 | Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 6.1 | - | 2021-12-29 |
| CVE-2021-4179 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 6.1 | - | 2021-12-28 |
| CVE-2021-4177 | Generation of Error Message Containing Sensitive Information in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-209 | 5.3 | - | 2021-12-28 |
| CVE-2021-4169 | Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-79 | 6.1 | - | 2021-12-26 |
| CVE-2021-4131 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | livehelperchat/livehelperchat | CWE-352 | 4.3 | - | 2021-12-18 |

This page lists every published CVE security advisory associated with livehelperchat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.