LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via the Chat Transfer Function

July 22, 2025 invoker category_exploit

Exploit Details

Basic Information

Exploit Title LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via the Chat Transfer Function
Exploit ID EDB-ID:52380
Type exploitdb
Published 2025-07-22T00:00:00
Modified 2025-07-22T00:00:00

CVSS Information

Severity NONE
Vector NONE

CVE Information

  • CVE-2025-51401

Exploit Description

Exploit…

Exploit Code

# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via the Chat Transfer Function

# Date: 09/06/2025

# Exploit Author: Manojkumar J (TheWhiteEvil)

# Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/

# Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/

# Software Link:

https://github.com/LiveHelperChat/livehelperchat/

# Version: <=4.61
# Patched Version: 4.61

# Category: Web Application

# Tested on: Mac OS Sequoia 15.5, Firefox

# CVE : CVE-2025-51401

# Exploit link: https://github.com/Thewhiteevil/CVE-2025-51401

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat

version ≀ 4.61 allows attackers to execute arbitrary JavaScript by

injecting a crafted payload into the Operator Chat Name Field Triggers on

Chat Owner Transfer Functionality on Live Helper Chat.

## Reproduction Steps:

1. Log in as an operator.

2. Navigate to your operator settings page.

3. In the **Name** field, enter the following payload:

“`

“>

“`

4. Save the changes.

5. Initiate a chat with a visitor.

6. Transfer the chat to another operator β€” the XSS payload executes in the

receiving operator’s chat interface.

View Full Exploit Details

πŸ’­ Join the Security Discussion

πŸ”’ Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.