Описание
Cross-site Scripting in livehelperchat
Stored XSS is found in Settings>Live help configuration>Departments->Departments groups->edit When a user creates a new webhook under the NAME field and puts a payload {{constructor.constructor('alert(1)')()}}, the input gets stored, at user edit groupname , the payload gets executed.
Пакеты
Наименование
remdex/livehelperchat
composer
Затронутые версииВерсия исправления
< 3.93
3.93
Связанные уязвимости
CVSS3: 5.4
nvd
около 4 лет назад
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.