| Title | Live Helper Chat lhc-php-resque extension for Live Helper Chat < 0ce7b4f1193c0ed6c6e31a960fafededf979eef2 Cross Site Scripting |
|---|---|
| Description | Cross site scripting vulnerability in Live Helper Chat's LHC-PHP-Resque extension allows remote attackers to run JavaScript in authenticated administrator sessions. It can be exploited by injecting a malicious payload in the queue name parameter at the /site_admin/lhcphpresque/list/ endpoint. This leads to escalation of privileges, where attackers can promote their user accounts to administrator status. This vulnerability particularly affects all Docker deployments because the PHP-Resque extension is enabled by default in the Docker image of Live Helper Chat. |
| Source | ⚠️ https://github.com/CodeBrics/lhc-php-resque-exploit/ |
| User | Jay Shah (UID 87421) |
| Submission | 2025-07-04 09:30 AM (12 months ago) |
| Moderation | 2025-07-10 05:51 PM (6 days later) |
| Status | Accepted |
| VulDB entry | 316005 [LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4 List list queue name cross site scripting] |
| Points | 20 |