EUVD-2026-4895

ID: EUVD-2026-4895

Severity: medium

CVSS v4: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user's local context.

Timestamps

Normalized: 2026-01-28T23:21:13Z UTC
Last updated: 2026-01-28T23:21:13Z UTC

References

No references provided.

VulnAI

EUVD-2026-4895

Description

Timestamps

References