PT-2026-4814 · Unknown · Livehelperchat
Published
2026-01-26
·
Updated
2026-01-28
·
CVE-2026-0483
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Live Helper Chat versions prior to 4.72
Description
A stored Cross-Site Scripting (XSS) issue exists in the PDF file upload functionality. An attacker can upload a malicious PDF file containing an XSS payload. When a user downloads and opens the file through a link generated by the application, the payload is executed in the user’s context, allowing arbitrary JavaScript code to run locally.
Recommendations
Update Live Helper Chat to version 4.72 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Livehelperchat