{"package":"remdex/livehelperchat","ecosystem":"composer","latest_version":"2.0","description":"Live Helper Chat - live support for your website. Featuring web and desktop clients. Compatible Windows, Linux, Mac. Desktop client powered by QT. Supports mobile phones based on XMPP service providers (GTalk, Xabber, Mono etc.)","license":"GPL-3.0+","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://livehelperchat.com","repository":"https://github.com/LiveHelperChat/livehelperchat","downloads_weekly":0,"health":{"score":11,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":0,"maturity":9,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":23,"critical":0,"high":4,"medium":18,"low":1,"details":[{"vuln_id":"BIT-livehelperchat-2022-0083","severity":"medium","summary":"User enumeration in livehelperchat","affected_versions":"<3.91|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.91","source":"osv","published_at":"2022-01-21T23:37:07Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-0395","severity":"medium","summary":"Cross-site Scripting in LiveHelperChat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-01-29T00:00:33Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-0502","severity":"medium","summary":"Cross-site Scripting in LiveHelperChat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-02-07T00:00:30Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-0374","severity":"medium","summary":"Cross-site Scripting in livehelperchat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-01-28T23:06:12Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-1176","severity":"high","summary":"Type Confusion in LiveHelperChat","affected_versions":"<3.96|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.96","source":"osv","published_at":"2022-04-01T00:00:40Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2022-0253","severity":"medium","summary":"livehelperchat is vulnerable to Cross-site Scripting","affected_versions":"<=3.91|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":null,"source":"osv","published_at":"2022-01-21T23:48:25Z","in_kev":false,"epss_prob":0.00289,"epss_percentile":0.52287,"threat_tier":"theoretical"},{"vuln_id":"BIT-livehelperchat-2022-0226","severity":"medium","summary":"Cross-Site Request Forgery (CSRF) in livehelperchat","affected_versions":"<3.92|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.92","source":"osv","published_at":"2022-01-26T20:21:03Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-0231","severity":"medium","summary":"Cross-Site Request Forgery (CSRF) in livehelperchat","affected_versions":"<3.92|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.92","source":"osv","published_at":"2022-01-26T20:22:08Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2022-0370","severity":"medium","summary":"Cross-site Scripting in livehelperchat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-01-28T23:06:22Z","in_kev":false,"epss_prob":0.00289,"epss_percentile":0.52287,"threat_tier":"theoretical"},{"vuln_id":"BIT-livehelperchat-2021-4050","severity":"medium","summary":"Cross site scripting in remdex/livehelperchat","affected_versions":"<=2.0|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":null,"source":"osv","published_at":"2021-12-10T20:33:29Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-1530","severity":"medium","summary":"An attacker can execute malicious javascript in Live Helper Chat","affected_versions":"<3.99|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.99","source":"osv","published_at":"2022-04-30T00:00:37Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-0266","severity":"medium","summary":"Authorization Bypass Through User-Controlled Key in LiveHelperChat","affected_versions":"<3.92|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.92","source":"osv","published_at":"2022-01-21T18:50:58Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2021-4132","severity":"medium","summary":"livehelperchat is vulnerable to Cross-site Scripting","affected_versions":"<3.91|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.91","source":"osv","published_at":"2022-01-05T20:33:47Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-0612","severity":"medium","summary":"Cross-site Scripting in livehelperchat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-02-17T00:00:36Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2021-4049","severity":"low","summary":"Cross-Site Request Forgery in remdex/livehelperchat","affected_versions":"<=2.0|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":null,"source":"osv","published_at":"2021-12-10T20:26:34Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-1213","severity":"high","summary":"Server side request forgery in LiveHelperChat","affected_versions":"<3.67|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.67","source":"osv","published_at":"2022-04-06T00:01:32Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2021-4131","severity":"high","summary":"livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)","affected_versions":"<3.91|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.91","source":"osv","published_at":"2022-01-05T20:33:55Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2021-4123","severity":"medium","summary":"livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)","affected_versions":"<=3.90|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":null,"source":"osv","published_at":"2021-12-17T20:00:16Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2024-27516","severity":"medium","summary":"livehelperchat Server-Side Template Injection","affected_versions":"<4.29|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"4.29","source":"osv","published_at":"2024-02-29T03:33:18Z","in_kev":false,"epss_prob":0.03183,"epss_percentile":0.8702,"threat_tier":"theoretical"},{"vuln_id":"BIT-livehelperchat-2022-0394","severity":"medium","summary":"Cross-site Scripting in LiveHelperChat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-02-01T00:49:48Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-livehelperchat-2022-1235","severity":"high","summary":"Weak password hash in LiveHelperChat","affected_versions":"<3.96|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.96","source":"osv","published_at":"2022-04-06T00:01:31Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2022-0387","severity":"medium","summary":"Cross-site Scripting in livehelperchat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-01-28T23:06:32Z","in_kev":false,"epss_prob":0.00281,"epss_percentile":0.51452,"threat_tier":"theoretical"},{"vuln_id":"BIT-livehelperchat-2022-0375","severity":"medium","summary":"Cross-site Scripting in livehelperchat","affected_versions":"<3.93|=1.74|=1.81|=1.82|=1.83|=1.84|=1.85|=1.86|=1.87|=1.88|=1.89|=1.90|=1.91|=1.93|=1.94|=1.95|=1.98|=2.0","fixed_version":"3.93","source":"osv","published_at":"2022-01-28T23:06:00Z","in_kev":false,"threat_tier":"unknown"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"2.0","total_count":17,"recent":["2.0","1.98","1.95","1.94","1.93","1.91","1.90","1.89","1.88","1.87","1.86","1.85","1.84","1.83","1.82","1.81","1.74"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2014-06-04T15:50:58+00:00","dependencies_count":1,"dependencies":["php"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Moderate health score (11/100) — verify manually","4 high severity vulnerabilities"],"use_version":"2.0","version_hint":"Update to >= 3.93 to fix known vulnerabilities","summary":"remdex/livehelperchat@2.0 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":17,"first_release_age_days":null,"last_release_days_ago":4350,"avg_days_between_releases":null,"release_velocity":"stale"}}