PT-2022-13146 · Unknown · Remdex/Livehelperchat
Published 2022-01-27 · Updated 2022-02-02 · CVE-2022-0387
CVSS v3.1: 6.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
remdex/livehelperchat versions prior to 3.93v
Description
The remdex/livehelperchat package is affected by a stored cross-site scripting (XSS) vulnerability. A user creating a new webhook in the Departments groups edit section can enter a malicious payload such as
{{constructor.constructor('alert(1)')()}} in the NAME field. The payload is stored and executes when the user later edits the group name.
Recommendations
For versions prior to 3.93v, update to version 3.93v or later to resolve the issue. As a temporary workaround, consider restricting access to the Departments groups edit section to minimize the risk of exploitation. Avoid using the NAME field in the webhook configuration until the issue is resolved.
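The checks below are an added example, not Live Helper Chat's own code: they validate the NAME field, show why HTML-escaping alone does not stop an AngularJS interpolation payload, render the value with ng-non-bindable, and flag already-stored names for review. They assume the admin page is an AngularJS-compiled template (which the {{...}} payload form suggests) and use constructed sample records.

```javascript
// Added example, not Live Helper Chat code. Assumes the page showing the
// group name is an AngularJS-compiled template, as the payload form suggests.

// Matches an AngularJS interpolation expression anywhere in a string.
const INTERPOLATION_RE = /\{\{[\s\S]*?\}\}/;

// Server-side validation for the NAME field: reject anything carrying
// interpolation delimiters so no expression can reach the template.
function validateGroupName(name) {
  if (typeof name !== 'string' || name.trim() === '') {
    return { ok: false, reason: 'empty' };
  }
  if (name.includes('{{') || name.includes('}}')) {
    return { ok: false, reason: 'template-delimiters' };
  }
  return { ok: true, reason: null };
}

// Minimal HTML escaping, enough to stop markup injection in a text node.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: escaping blocks HTML injection, but the browser
// decodes the entities before AngularJS reads the text node, so {{...}}
// survives and is evaluated when the template is compiled.
function renderNameVulnerable(name) {
  return `<span>${escapeHtml(name)}</span>`;
}

// Hardened rendering: same escaping plus ng-non-bindable, which makes
// AngularJS skip the element, so the braces stay literal text.
function renderNameHardened(name) {
  return `<span ng-non-bindable>${escapeHtml(name)}</span>`;
}

// Audit helper for already-stored data: ids of records whose NAME field
// contains an interpolation expression and should be reviewed.
function findInterpolatedNames(records) {
  return records.filter((r) => INTERPOLATION_RE.test(r.name)).map((r) => r.id);
}

// Constructed sample records, including the payload form from the advisory.
const SAMPLE_RECORDS = [
  { id: 1, name: 'Sales' },
  { id: 2, name: "{{constructor.constructor('alert(1)')()}}" },
  { id: 3, name: 'Support & {{ team }}' },
];
```

Binding the name through ng-bind instead of inline text is an equivalent fix on the template side; the validation step is what keeps the stored data clean.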
Affected Products
Remdex/Livehelperchat