CVE-2025-51397

July 22, 2025, 2:15 p.m.

5.4
Medium

Description

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

Product(s) Impacted

Vendor Product Versions
Live Helper Chat
  • Live Helper Chat
  • 4.60

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-779
Logging of Excessive Data
The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a live_helper_chat live_helper_chat 4.60 / / / / / / /

References

https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223
https://github.com/Thewhiteevil/CVE-2025-51397
https://www.dropbox.com/scl/fi/qrbtcv8bir2i8ielguyi3/2025-05-09-13-58-50.mp4?rlkey=thcbqxuzpm37o73j0ywsu3h3u&st=fhird68s&dl=0

Tags

cve@mitre.org
CWE-779
2025-07-21
CVE-2025-51397

CVSS Score

5.4 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

    View Vector String

Timeline

Published: July 21, 2025, 7:15 p.m.
Last Modified: July 22, 2025, 2:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.