A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient Lists.
The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.