PatchSiren

PatchSiren cyber security CVE debrief

CVE-2019-25737 Screets CVE debrief

CVE-2019-25737 is a stored cross-site scripting (XSS) vulnerability in Live Chat Unlimited 2.8.3. The vulnerability allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites. The CVSS score for this vulnerability is 5.3, with a severity rating of MEDIUM.

Vendor: Screets
Product: Live Chat Unlimited
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-04
Original CVE updated: 2026-06-10
Advisory published: 2026-06-04
Advisory updated: 2026-06-10

Who should care

Administrators and users of Live Chat Unlimited 2.8.3 should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability is caused by inadequate input validation and sanitization in the chat input field. This allows attackers to inject malicious scripts, which can then be executed in the admin area.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update to a patched version of Live Chat Unlimited, if available.
  • Implement input validation and sanitization for the chat input field.
  • Monitor for suspicious activity and implement additional security measures to prevent exploitation.
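
As an added illustration of the sanitization and monitoring actions above (not code from Live Chat Unlimited or from the advisory), the sketch below contrasts unencoded rendering of a stored chat message in an admin view with an output-encoded version, and audits stored messages for script tags and event-handler attributes. The function names, the message shape ({ id, body }) and the sample rows are assumptions made for the example.

```javascript
// Added example: names and sample data are hypothetical, not the plugin's code.

// Encode the five HTML-significant characters so visitor text is rendered
// as text in the admin view, never parsed as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pattern described in the advisory: raw concatenation into admin HTML.
function renderMessageUnsafe(msg) {
  return '<li class="chat-msg">' + msg.body + '</li>';
}

// Hardened form: encode at output time, whatever was stored.
function renderMessageSafe(msg) {
  return '<li class="chat-msg">' + escapeHtml(msg.body) + '</li>';
}

// Monitoring helper: flag stored messages that carry markup indicators
// (script tags, inline event-handler attributes, javascript: URLs).
const INDICATORS = [
  { name: 'script-tag', re: /<\s*script\b/i },
  { name: 'event-handler', re: /<[^>]*\son[a-z]+\s*=/i },
  { name: 'javascript-url', re: /javascript\s*:/i },
];

function auditMessages(messages) {
  return messages
    .map((m) => ({ id: m.id, hits: INDICATORS.filter((i) => i.re.test(m.body)).map((i) => i.name) }))
    .filter((r) => r.hits.length > 0);
}

// Constructed sample rows standing in for the stored chat table.
const SAMPLE = [
  { id: 1, body: 'Hi, is my order <shipped> yet?' },
  { id: 2, body: '<script>alert(1)</script>' },
  { id: 3, body: '<img src=x onerror=alert(1)>' },
  { id: 4, body: 'Tom & Jerry said "hello"' },
];

for (const m of SAMPLE) console.log(m.id, renderMessageSafe(m));
console.log(auditMessages(SAMPLE));
```

Encoding at output time covers messages already stored before any fix; the audit is a triage aid for existing records, not a substitute for encoding.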

Evidence notes

The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4], [ref-5], [ref-6], and [ref-7].

Official resources

CVE-2019-25737 was published on [cvePublishedAt] and modified on [cveModifiedAt].