CVE-2010-2046

Name of the Vulnerable Software and Affected Versions com activehelper livehelp version 2.0.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the DOMAINID parameter to "server/cookies.php" and the SERVER parameter to "server/index.php" are vulnerable.

Recommendations For version 2.0.3, consider disabling access to the "server/cookies.php" and "server/index.php" endpoints until a patch is available. Restrict the use of the DOMAINID and SERVER parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.