LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

Exploit Details

Basic Information

Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field
Exploit ID: EDB-ID:52378
Type: exploitdb
Published: 2025-07-22T00:00:00
Modified: 2025-07-22T00:00:00

CVSS Information

Severity: NONE
Vector: NONE

CVE Information

  • CVE-2025-51398

Exploit Description

Exploit Title: LiveHelperChat 4.61…

Exploit Code

# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

# Date: 09/06/2025

# Exploit Author: Manojkumar J (TheWhiteEvil)

# Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/

# Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/

# Software Link: https://github.com/LiveHelperChat/livehelperchat/

# Version: <=4.61
# Patched Version: 4.61

# Category: Web Application

# Tested on: Mac OS Sequoia 15.5, Firefox

# CVE : CVE-2025-51398

# Exploit link: https://github.com/Thewhiteevil/CVE-2025-51398

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat version ≤ 4.61 allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the Facebook page integration Name Field. The payload is stored and executed when higher-privileged users (e.g., administrators) access or edit the integration settings, resulting in stored Cross Site Scripting (XSS).

## Reproduction Steps:

1. Log in as an operator.

2. Navigate to your Facebook page integration.

3. Create a new Facebook page integration and enter the following payload in the Facebook page integration Name Field:

```
">
```

4. Save the changes.

5. The payload is stored and executed when higher-privileged users (e.g., operator or administrators) access or edit the Facebook page integration, resulting in stored Cross Site Scripting (XSS).
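The fix class for a stored value that is echoed back into an edit form is output encoding at render time. The PHP sketch below is an added example, not LiveHelperChat code and not part of the original advisory. It assumes the stored name is printed into an input's `value` attribute; the function names, markup and test string are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not LiveHelperChat source: function names and markup are hypothetical.

// Unsafe pattern: the stored name goes into the value attribute unencoded.
function render_name_field_unsafe(string $storedName): string
{
    return '<input type="text" name="page_name" value="' . $storedName . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_name_field_safe(string $storedName): string
{
    $encoded = htmlspecialchars($storedName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="page_name" value="' . $encoded . '">';
}

// Parse the fragment and report how many elements exist and what the input's value attribute holds.
function inspect_fragment(string $fragment): array
{
    libxml_use_internal_errors(true); // tolerate malformed markup from the unsafe case
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $fragment . '</body></html>');
    $body = $doc->getElementsByTagName('body')->item(0);
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'elements' => $body->getElementsByTagName('*')->length,
        'value'    => $input->getAttribute('value'),
    ];
}

// Constructed, inert test value: a quote-and-bracket prefix followed by a harmless <b> tag.
$storedName = '"><b>constructed-marker</b>';

$unsafe = inspect_fragment(render_name_field_unsafe($storedName));
$safe   = inspect_fragment(render_name_field_safe($storedName));

// Unsafe: the attribute closes early and extra markup becomes part of the page.
printf("unsafe: %d elements, value=%s\n", $unsafe['elements'], var_export($unsafe['value'], true));
// Safe: the stored string stays inside the attribute and round-trips unchanged.
printf("safe:   %d elements, value=%s\n", $safe['elements'], var_export($safe['value'], true));

if ($safe['elements'] !== 1 || $safe['value'] !== $storedName) {
    fwrite(STDERR, "encoding check failed\n");
    exit(1);
}
```

The same element-count check works as a regression test for any template that renders operator-supplied fields to administrators.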
