Manojkumar J

8 exploits Active since May 2022
CVE-2022-1631 EXPLOITDB HIGH text WRITEUP
Microweber < 1.2.15 - Incorrect Authorization
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account.
CVSS 8.8
CVE-2025-51403 EXPLOITDB MEDIUM text WORKING POC
Live Helper Chat <4.60 - XSS
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.
CVSS 6.5
CVE-2025-51398 EXPLOITDB MEDIUM text WRITEUP
Live Helper Chat <4.60 - XSS
A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS 5.4
CVE-2025-51397 EXPLOITDB MEDIUM text WORKING POC
Live Helper Chat <4.60 - XSS
A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.
CVSS 5.4
CVE-2025-51400 EXPLOITDB MEDIUM text WORKING POC
Live Helper Chat <4.60 - XSS
A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVSS 5.4
CVE-2025-51396 EXPLOITDB MEDIUM text WORKING POC
Live Helper Chat <4.60 - XSS
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.
CVSS 5.4
CVE-2025-51401 EXPLOITDB MEDIUM text WORKING POC
Live Helper Chat <4.60 - XSS
A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.
CVSS 5.4
CVE-2023-0493 EXPLOITDB MEDIUM text WORKING POC
Btcpayserver Btcpay Server < 1.7.5 - Injection
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVSS 5.3