CVE-2025-51397
MEDIUMDescription
A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.
Is your site exposed to CVE-2025-51397?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| livehelperchat | live_helper_chat |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-51397? +
How severe is CVE-2025-51397? +
What products are affected by CVE-2025-51397? +
How do I check if I'm vulnerable to CVE-2025-51397? +
Related Vulnerabilities
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging …
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API …
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS …
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk …
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the …
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker …