HomePentest-Tools.com Logo

ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting CVE-2014-4513

Severity
CVSSv3 Score
4.3
Vulnerability description

Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

Risk description

No risk description to display.

Recommendation

Upgrade to a patched version of ActiveHelper LiveHelp Server or apply the necessary security patches to mitigate the XSS vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Jul 1, 2014
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available