MidnightBSD

Advisories for activehelper

CVE-2010-2046 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
activehelper com_activehelper_livehelp 2.0.3
CVE-2014-4513 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
activehelper activehelper_livehelp_live_chat 2.6.7
activehelper activehelper_livehelp_live_chat 2.9.0
activehelper activehelper_livehelp_live_chat *
activehelper activehelper_livehelp_live_chat 2.6.5
activehelper activehelper_livehelp_live_chat 2.6.2
activehelper activehelper_livehelp_live_chat 2.7.5
activehelper activehelper_livehelp_live_chat 3.0.0
activehelper activehelper_livehelp_live_chat 2.6.1
activehelper activehelper_livehelp_live_chat 2.7.0
activehelper activehelper_livehelp_live_chat 2.7.4
activehelper activehelper_livehelp_live_chat 2.6.0
activehelper activehelper_livehelp_live_chat 2.9.5
activehelper activehelper_livehelp_live_chat 2.9.1
activehelper activehelper_livehelp_live_chat 2.9.2
activehelper activehelper_livehelp_live_chat 2.7.3