Thewhiteevil/CVE-2025-51397

Releases0

LiveHelperChat <=4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-51397 ↗	Jul 21, 2025Monday, 21 July 2025, 19:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.