Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.