Submission #609068: Live Helper Chat lhc-php-resque extension for Live Helper Chat < 0ce7b4f1193c0ed6c6e31a960fafededf979eef2 Cross Site Scripting

Title: Live Helper Chat lhc-php-resque extension for Live Helper Chat < 0ce7b4f1193c0ed6c6e31a960fafededf979eef2 Cross Site Scripting
Description: Cross site scripting vulnerability in Live Helper Chat's LHC-PHP-Resque extension allows remote attackers to run JavaScript in authenticated administrator sessions. It can be exploited by injecting a malicious payload in the queue name parameter at the /site_admin/lhcphpresque/list/ endpoint. This leads to escalation of privileges, where attackers can promote their user accounts to administrator status. This vulnerability particularly affects all Docker deployments because the PHP-Resque extension is enabled by default in the Docker image of Live Helper Chat.
Source: ⚠️ https://github.com/CodeBrics/lhc-php-resque-exploit/
User: Jay Shah (UID 87421)
Submission: 04/07/2025 09:30 AM (12 months ago)
Moderation: 10/07/2025 05:51 PM (6 days later)
Status: Accepted
VulDB entry: 316005 [LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4 List list queue name cross site scripting]
Points: 20
