CVE-2025-7435
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-11

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file /site_admin/lhcphpresque/list/ of the component List Handler. The manipulation of the argument queue name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 542aa8449b5aa889b3a54f419e794afe19f56d5d/0ce7b4f1193c0ed6c6e31a960fafededf979eef2. It is recommended to apply a patch to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-11
Last Modified
2026-04-29
Generated
2026-05-27
AI Q&A
2025-07-11
EPSS Evaluated
2026-05-25
NVD
CVE-2025-7435
EUVD
EUVD-2025-21100
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
livehelperchat lhc-php-resque *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the LiveHelperChat lhc-php-resque Extension, specifically in the List Handler component. It involves the manipulation of the argument queue name, which leads to a cross-site scripting (XSS) vulnerability. This means an attacker can inject malicious scripts remotely through the queue name parameter, potentially affecting users who interact with the vulnerable component. The vulnerability has been publicly disclosed and a patch is recommended to fix the issue.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to perform cross-site scripting attacks remotely by manipulating the queue name argument. This could lead to the execution of malicious scripts in the context of users interacting with the affected component, potentially resulting in unauthorized actions, session hijacking, or other malicious activities. The impact is limited to integrity and user interaction, with no direct impact on confidentiality or availability according to the CVSS scores.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch identified by commit 542aa8449b5aa889b3a54f419e794afe19f56d5d/0ce7b4f1193c0ed6c6e31a960fafededf979eef2 to fix the issue. Since the vulnerability involves cross-site scripting via manipulation of the queue name argument in the List Handler component, patching is the recommended immediate mitigation step.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart