Exploit Details
Basic Information
| Exploit Title | LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Personal Canned Messages |
|---|---|
| Exploit ID | EDB-ID:52379 |
| Type | exploitdb |
| Published | 2025-07-22T00:00:00 |
| Modified | 2025-07-22T00:00:00 |
CVSS Information
| Severity | NONE |
|---|---|
| Vector | NONE |
AI Analysis
| AI Description | A stored XSS vulnerability in LiveHelperChat allows attackers to inject malicious JavaScript via Personal Canned Messages, executing when an admin or operator uses the message. This can lead to session hijacking or unauthorized actions. |
|---|---|
| AI Severity | High |
| AI Vendor | LiveHelperChat |
| AI Product | LiveHelperChat |
| AI Version | ≤4.61 |
CVE Information
- CVE-2025-51400
Exploit Description
Exploit Title:…
Exploit Code
# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Personal Canned Messages
# Date: 09/06/2025
# Exploit Author: Manojkumar J (TheWhiteEvil)
# Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/
# Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/
# Software Link: https://github.com/LiveHelperChat/livehelperchat/
# Version: <=4.61
# Patched Version: 4.61
# Category: Web Application
# Tested on: Mac OS Sequoia 15.5, Firefox
# CVE : CVE-2025-51400
# Exploit link: https://github.com/Thewhiteevil/CVE-2025-51400
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat
version ≤ 4.61 allows attackers to execute arbitrary JavaScript by
injecting a crafted payload into the Personal Canned Messages. When an
admin or operator user views the message and tries to send canned messages,
the stored JavaScript executes in their browser context.
## Reproduction Steps:
1. Log in as an operator.
2. Navigate to your Personal Canned Messages.
3. Create a new personal canned message and enter the following payload:
```
">
```
4. Save the changes.
5. Try to use the personal canned message; the cross-site scripting (XSS)
will execute.
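
Because the payload is stored, entries saved before an upgrade remain in the database afterwards. The following is an added example, not code from the advisory or from LiveHelperChat: it audits stored canned messages for markup that has no place in a plain-text reply and shows the HTML-encoded form that is safe to render. The record shape (`id`, `user_id`, `msg`) and the sample rows are hypothetical and constructed for illustration.

```javascript
// Added example: audit stored canned messages and encode them on output.
// Record shape (id, user_id, msg) is hypothetical, not LiveHelperChat's schema.

// Encode text for HTML element and quoted-attribute contexts.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Patterns that should not appear in a plain-text canned reply.
const SUSPICIOUS = [
  { name: 'attribute-breakout', re: /["']\s*>/ },      // quote closed, then tag closed
  { name: 'html-tag', re: /<\s*\/?\s*[a-z][^>]*>?/i },  // opening or closing element
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },     // inline on*= attribute
  { name: 'script-url', re: /javascript\s*:/i },        // javascript: URL scheme
];

// Return one finding per row that matches any pattern, with the encoded text.
function auditCannedMessages(rows) {
  const findings = [];
  for (const row of rows) {
    const hits = SUSPICIOUS.filter((p) => p.re.test(row.msg)).map((p) => p.name);
    if (hits.length > 0) {
      findings.push({ id: row.id, user_id: row.user_id, hits, safe: escapeHtml(row.msg) });
    }
  }
  return findings;
}

// Constructed sample rows (benign marker text, not the advisory's payload).
const SAMPLE_ROWS = [
  { id: 1, user_id: 7, msg: 'Hello, how can I help you today?' },
  { id: 2, user_id: 9, msg: '"><b>constructed marker</b>' },
  { id: 3, user_id: 7, msg: 'Our hours are 9 < 17, Mon-Fri' },
];

for (const f of auditCannedMessages(SAMPLE_ROWS)) {
  console.log(`message ${f.id} (user ${f.user_id}): ${f.hits.join(', ')} -> ${f.safe}`);
}
```

Flagged rows identify which operator account saved the entry, which is the starting point for reviewing that account's activity.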