CVE-2019-25737

MEDIUM

Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25737. PoCs published by m0ze.

AI-analyzed exploit summary The exploit demonstrates a stored XSS vulnerability in Live Chat Unlimited v2.8.3, where malicious payloads can be injected into the chat input field, leading to arbitrary JavaScript execution in the admin area. The provided payloads confirm the vulnerability by triggering alerts and potentially stealing cookies.

Description

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites.

Exploits (1)

exploitdb WORKING POC

by m0ze · textwebappsphp

https://www.exploit-db.com/exploits/47037

View Code ZIP pw:eip

The exploit demonstrates a stored XSS vulnerability in Live Chat Unlimited v2.8.3, where malicious payloads can be injected into the chat input field, leading to arbitrary JavaScript execution in the admin area. The provided payloads confirm the vulnerability by triggering alerts and potentially stealing cookies.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Live Chat Unlimited v2.8.3

No auth needed

Prerequisites: Access to the chat interface on a vulnerable installation

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Jun 04, 2026 Full analysis →

References (4)

Core 4

Core References

Product product

Official Product Homepage

https://screets.com/

Exploit exploit

ExploitDB-47037

https://www.exploit-db.com/exploits/47037

Product product

Product Reference

https://codecanyon.net/item/wordpress-live-chat-plugin/3952877

Third Party Advisory third-party-advisory

VulnCheck Advisory: Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting

https://www.vulncheck.com/advisories/live-chat-unlimited-stored-cross-site-scripting

Scores

CVSS v3 6.1

EPSS 0.0021

EPSS Percentile 11.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Screets/Live Chat Unlimited 2.8.3

Published Jun 04, 2026

Tracked Since Jun 04, 2026