CVE-2025-51398 is a stored cross-site scripting (XSS) vulnerability identified in the Facebook registration page component of Live Helper Chat version 4.60. This vulnerability arises from insufficient input sanitization of the 'Name' parameter during user registration, allowing an attacker to inject malicious scripts or HTML code that are stored on the server and later executed in the context of other users' browsers. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity (C:L/I:L) but not availability (A:N). Exploitation would require an attacker with some level of authenticated access to inject the payload, and a victim user to interact with the malicious content for the script to execute. Although no known exploits are reported in the wild, the vulnerability poses a risk of session hijacking, defacement, or phishing within the Live Helper Chat environment. Since Live Helper Chat is a web-based customer support/chat platform, exploitation could compromise user sessions or steal sensitive information from users interacting with the chat service.

For European organizations using Live Helper Chat v4.60, this vulnerability could lead to unauthorized disclosure of user data, session hijacking, and potential manipulation of chat interactions. Given that Live Helper Chat is often deployed by businesses for customer support, exploitation could undermine customer trust and lead to reputational damage. Confidentiality breaches could expose personal data protected under GDPR, leading to regulatory penalties. Integrity impacts could allow attackers to inject misleading or malicious content into chat sessions, potentially facilitating social engineering attacks or spreading malware. The requirement for some level of authentication and user interaction limits the ease of exploitation but does not eliminate risk, especially in environments with many users or where attackers can create accounts. The absence of a patch at the time of publication increases exposure. European organizations with customer-facing chat services are particularly at risk, especially those in regulated sectors such as finance, healthcare, and e-commerce where data protection is critical.

Organizations should immediately assess their use of Live Helper Chat and determine if version 4.60 or earlier is deployed. Until an official patch is available, mitigation should include implementing strict input validation and output encoding on the 'Name' parameter at the application or web server level to neutralize malicious scripts. Web Application Firewalls (WAFs) can be configured to detect and block typical XSS payloads targeting the registration page. Additionally, enforcing multi-factor authentication and monitoring user registrations for suspicious activity can reduce risk. User education to recognize phishing or suspicious chat content is also advisable. Organizations should plan to upgrade to a patched version once released and conduct thorough security testing of chat interfaces. Logging and alerting on anomalous input patterns can help detect exploitation attempts early. Finally, reviewing and tightening Content Security Policy (CSP) headers can limit the impact of any successful XSS payloads.