Skip to main content

Livezilla CVE-2013-6224

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2013-12-10 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 10, 2013 - 16:11 cve.org
MEDIUM 4.3

DescriptionCVE.org

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section.

AnalysisAI

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section. Affected products include: Livezilla. Version information: before 5.1.1.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-12960 CRITICAL POC
9.8 Jun 25

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_d

CVE-2019-12939 CRITICAL POC
9.8 Jun 24

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. Rated critical

CVE-2019-12961 HIGH POC
8.8 Jun 25

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. Rated high severity (CVSS 8.8), t

CVE-2013-7385 MEDIUM POC
6.8 May 19

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is gen

CVE-2019-12964 MEDIUM POC
6.1 Jun 25

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. Rated medium severity (CVSS 6.1), this v

CVE-2019-12963 MEDIUM POC
6.1 Jun 25

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. Rated medium severity (CVSS 6

CVE-2019-12962 MEDIUM POC
6.1 Jun 25

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. Rated medi

CVE-2019-12940 MEDIUM POC
5.9 Jun 24

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large

CVE-2020-9758 CRITICAL
9.6 Mar 09

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). Rated critical severity (CVSS 9.6), this

CVE-2013-7002 MEDIUM POC
4.3 Dec 21

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote a

CVE-2013-7003 MEDIUM POC
4.3 May 05

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitra

CVE-2013-7033 MEDIUM POC
4.3 May 19

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/c

Share

CVE-2013-6224 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy