Manojkumar J

**Name of the Vulnerable Software and Affected Versions** Live Helper Chat version 4.60 **Description** A stored cross-site scripting (XSS) vulnerability exists in Live Helper Chat version 4.60. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Telegram Bot Username` parameter. **Recommendations** Sanitize or encode user-supplied data, specifically the `Telegram Bot Username` parameter, to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Live Helper Chat versions 4.60 **Description** A stored cross-site scripting (XSS) vulnerability exists in the Facebook Chat module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Surname` parameter under the Recipient Lists. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Live Helper Chat version 4.60 **Description** A stored cross-site scripting (XSS) vulnerability exists in the department assignment editing module. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the `Alias Nick` parameter. **Recommendations** Apply updates to Live Helper Chat version 4.60 to address the issue. As a temporary workaround, sanitize user input for the `Alias Nick` parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Live Helper Chat versions 4.60 and 4.61 **Description** A stored cross-site scripting (XSS) issue exists in the Personal Canned Messages feature. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload. **Recommendations** Update to a newer version of Live Helper Chat to address this issue.