CVE-2025-7435

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: LiveHelperChat lhc-php-resque Extension versions up to ee1270b35625f552425e32a6a3061cd54b5085c4

Description: A problematic issue exists in LiveHelperChat lhc-php-resque Extension. The manipulation of the queue name argument within the List Handler component, specifically affecting an unknown part of the file /site admin/lhcphpresque/list/, leads to cross site scripting. The attack can be initiated remotely, and the exploit has been publicly disclosed. The product utilizes a rolling release approach, and therefore specific version details for affected and updated releases are unavailable.

Recommendations: Apply the patch with identifier 542aa8449b5aa889b3a54f419e794afe19f56d5d/0ce7b4f1193c0ed6c6e31a960fafededf979eef2 to fix this issue.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-7435

Affected Products

Livehelperchat Lhc-Php-Resque Extension

CVE-2025-7435

Weakness Enumeration

Related Identifiers

Affected Products

References · 12