Skip to main content

Livezilla

17 CVEs product

Monthly

CVE-2020-9758 CRITICAL Act Now

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation PHP Livezilla
NVD GitHub
CVSS 3.1
9.6
EPSS
2.5%
CVE-2019-12964 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12963 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12962 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
9.1%
CVE-2019-12961 HIGH POC This Week

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Livezilla
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-12960 CRITICAL POC Act Now

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Livezilla
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-12940 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Denial Of Service Livezilla
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-12939 CRITICAL POC Act Now

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Livezilla
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-10810 MEDIUM This Month

chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2013-6223 LOW POC Monitor

LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Livezilla
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-7385 MEDIUM POC This Month

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-7033 MEDIUM POC This Month

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-7034 HIGH This Week

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Livezilla
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7003 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7032 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7002 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6224 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 2% CVSS 9.6
CRITICAL Act Now

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
EPSS 9% CVSS 6.1
MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Livezilla
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Livezilla
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Denial Of Service Livezilla
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Livezilla
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Livezilla
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Livezilla
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Livezilla
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Livezilla
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Livezilla
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy