Описание
Cross-site Scripting in livehelperchat
Stored XSS is found in Settings>Live help configuration>Personal Theme>static content. Under the NAME field put a payload {{constructor.constructor('alert(1)')()}} while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed.
Пакеты
Наименование
remdex/livehelperchat
composer
Затронутые версииВерсия исправления
< 3.93
3.93
Связанные уязвимости
CVSS3: 5.4
nvd
около 4 лет назад
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.