Manojkumar J (TheWhiteEvil) - Security Researcher

CVE-2025-51403 NOMISEC MEDIUM WRITEUP

Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Department Alias Nick Parameter

A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.

CVSS 6.5

View Code

CVE-2025-51396 NOMISEC MEDIUM WRITEUP

Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Telegram Bot Username Parameter

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.

CVSS 5.4

View Code

CVE-2025-51397 NOMISEC MEDIUM WRITEUP

Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Facebook Chat Module Surname Parameter

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

CVSS 5.4

View Code

CVE-2025-51398 NOMISEC MEDIUM WRITEUP

livehelperchat < 4.61 - Stored Cross-Site Scripting via Facebook Registration Name Parameter

A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

CVSS 5.4

View Code

CVE-2025-51400 NOMISEC MEDIUM WRITEUP

live_helper_chat < 4.61 - Stored Cross-Site Scripting in Personal Canned Messages

A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

CVSS 5.4

View Code

CVE-2025-51401 NOMISEC MEDIUM WRITEUP

live_helper_chat < 4.61 - Stored Cross-Site Scripting via Operator Name Parameter

A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.

CVSS 5.4

View Code

CVE-2025-51401 EXPLOITDB MEDIUM text WORKING POC

live_helper_chat < 4.61 - Stored Cross-Site Scripting via Operator Name Parameter

A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.

CVSS 5.4

View Code

CVE-2025-51403 EXPLOITDB MEDIUM text WORKING POC

Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Department Alias Nick Parameter

A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.

CVSS 6.5

View Code

CVE-2025-51398 EXPLOITDB MEDIUM text WRITEUP

livehelperchat < 4.61 - Stored Cross-Site Scripting via Facebook Registration Name Parameter

A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

CVSS 5.4

View Code

CVE-2025-51397 EXPLOITDB MEDIUM text WORKING POC

Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Facebook Chat Module Surname Parameter

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

CVSS 5.4

View Code

CVE-2025-51400 EXPLOITDB MEDIUM text WORKING POC

live_helper_chat < 4.61 - Stored Cross-Site Scripting in Personal Canned Messages

A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

CVSS 5.4

View Code

CVE-2025-51396 EXPLOITDB MEDIUM text WORKING POC

Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Telegram Bot Username Parameter

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.

CVSS 5.4

View Code

CVE-2023-0493 EXPLOITDB MEDIUM text WORKING POC

BTCPay Server < 1.7.5 - HTML Injection

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.

CVSS 5.3

View Code