CVE-2025-51400: n/a

Medium
Published: Mon Jul 21 2025 (07/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

AI-Powered Analysis

Last updated: 07/29/2025, 01:28:54 UTC

Technical Analysis

CVE-2025-51400 is a stored cross-site scripting (XSS) vulnerability identified in the Personal Canned Messages feature of Live Helper Chat version 4.60. Stored XSS vulnerabilities occur when malicious scripts injected by an attacker are permanently stored on the target server and subsequently executed in the browsers of users who access the affected content. In this case, an attacker with at least limited privileges (PR:L) can inject crafted payloads into the Personal Canned Messages functionality, and exploitation requires user interaction (UI:R). When other users view these messages, the malicious script executes in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.

The CVSS score of 5.4 (medium severity) reflects that the attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires privileges and user interaction. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality and integrity is low (C:L, I:L), while availability is not affected (A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is classified under CWE-79, which corresponds to improper neutralization of input during web page generation, a common web application security flaw.

Live Helper Chat is an open-source live support chat system used by organizations to provide real-time customer support via web interfaces. The Personal Canned Messages feature allows users to store and reuse predefined message templates, which makes this vulnerability particularly concerning, as it can be exploited by authenticated users to target other users or administrators who access these messages.

Potential Impact

For European organizations using Live Helper Chat, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of user sessions and data. Attackers exploiting this flaw could execute malicious scripts in the context of other users, potentially stealing session cookies, performing actions on behalf of users, or delivering further malware payloads. This could lead to unauthorized access to sensitive customer information, manipulation of support interactions, or reputational damage. Since Live Helper Chat is often integrated into customer-facing portals, exploitation could affect both internal support staff and external customers, increasing the attack surface. The requirement for attacker privileges and user interaction somewhat limits the ease of exploitation, but insider threats or compromised accounts could facilitate attacks. Additionally, the scope change indicates that the impact could extend beyond the immediate component, possibly affecting other integrated systems or data. European organizations with strict data protection regulations (e.g., GDPR) must be particularly cautious, as exploitation could lead to data breaches and regulatory penalties. The absence of known exploits in the wild provides a window for proactive mitigation before widespread attacks occur.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the Personal Canned Messages feature to only trusted and necessary users, minimizing the number of accounts that can inject content.
2. Implement strict input validation and output encoding on all user-supplied content within the Personal Canned Messages functionality to neutralize malicious scripts.
3. Monitor and audit usage of canned messages for suspicious or anomalous entries that could indicate attempted exploitation.
4. Apply the principle of least privilege to user roles within Live Helper Chat, ensuring users have only the permissions required for their tasks.
5. Encourage users to avoid clicking on suspicious links or interacting with unexpected messages within the chat interface.
6. Since no official patch is currently available, consider deploying web application firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting this feature.
7. Stay updated with vendor advisories for patches or updates addressing this vulnerability and apply them promptly once released.
8. Conduct security awareness training for support staff to recognize and report suspicious activity related to chat messages.
9. Review and harden session management and cookie security settings to reduce the impact of potential session hijacking.
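Recommendations 2 and 3 can be exercised together on an export of stored canned messages. The following is an added example, not Live Helper Chat code: the row schema (`id`, `msg`), the sample rows and the assumption that canned messages should contain no HTML markup are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "formaction"}


class MarkupFinder(HTMLParser):
    """Records why a stored message would be active if rendered unencoded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased from HTMLParser.
        self.reasons.append(f"tag <{tag}>")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):
                self.reasons.append(f"event handler {name}")
            elif name in URL_ATTRS and value.startswith("javascript:"):
                self.reasons.append(f"javascript: URL in {name}")


def audit(rows):
    """Return {id: reasons} for every entry that contains HTML markup."""
    flagged = {}
    for row in rows:
        finder = MarkupFinder()
        finder.feed(row["msg"])
        finder.close()
        if finder.reasons:
            flagged[row["id"]] = finder.reasons
    return flagged


def render_safe(msg):
    """Output-encode a message for an HTML text or quoted-attribute context."""
    return html.escape(msg, quote=True)


# Constructed sample rows (hypothetical schema), not real data.
SAMPLE_ROWS = [
    {"id": 1, "msg": "Hello, how can I help you today?"},
    {"id": 2, "msg": "Prices are < 10 EUR & shipping is free."},
    {"id": 3, "msg": "Thanks!<script>void 0</script>"},
    {"id": 4, "msg": '<img src="x" onerror="void 0">'},
]

if __name__ == "__main__":
    for msg_id, reasons in audit(SAMPLE_ROWS).items():
        print(msg_id, reasons)
```

Entry 2 shows why the audit parses markup instead of matching on `<` or `&`: ordinary text containing those characters is not flagged, while `render_safe` still encodes it correctly at output time.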

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 687e91f7a83201eaac12be98

Added to database: 7/21/2025, 7:16:07 PM

Last enriched: 7/29/2025, 1:28:54 AM

Last updated: 8/9/2025, 10:21:45 AM
