Livezilla
by Livezilla
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10810 | Med | 0.40 | 6.1 | 0.01 | May 16, 2018 | chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | ||
| CVE-2017-15869 | Med | 0.40 | 6.1 | 0.01 | Jan 18, 2018 | Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter. | ||
| CVE-2019-12962 | 0.03 | — | 0.09 | Jun 25, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | |||
| CVE-2010-4276 | 0.03 | — | 0.02 | Dec 30, 2010 | Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php. | |||
| CVE-2009-4450 | 0.03 | — | 0.01 | Dec 29, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl. | |||
| CVE-2019-12964 | 0.00 | — | 0.01 | Jun 25, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. | |||
| CVE-2019-12963 | 0.00 | — | 0.01 | Jun 25, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | |||
| CVE-2019-12961 | 0.00 | — | 0.01 | Jun 25, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | |||
| CVE-2019-12960 | 0.00 | — | 0.01 | Jun 25, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | |||
| CVE-2019-12939 | 0.00 | — | 0.01 | Jun 24, 2019 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | |||
| CVE-2013-6223 | 0.00 | — | 0.00 | Jun 9, 2014 | LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. | |||
| CVE-2013-7385 | 0.00 | — | 0.01 | May 19, 2014 | LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword… | |||
| CVE-2013-7033 | 0.00 | — | 0.01 | May 19, 2014 | LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an… | |||
| CVE-2013-7034 | 0.00 | — | 0.02 | May 5, 2014 | The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. | |||
| CVE-2013-7003 | 0.00 | — | 0.02 | May 5, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | |||
| CVE-2013-7032 | 0.00 | — | 0.02 | Feb 14, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a… | |||
| CVE-2013-7002 | 0.00 | — | 0.01 | Dec 21, 2013 | Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. | |||
| CVE-2013-6224 | 0.00 | — | 0.02 | Dec 10, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message… |
- risk 0.40cvss 6.1epss 0.01
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.
- CVE-2019-12962Jun 25, 2019risk 0.03cvss —epss 0.09
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
- CVE-2010-4276Dec 30, 2010risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.
- CVE-2009-4450Dec 29, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl.
- CVE-2019-12964Jun 25, 2019risk 0.00cvss —epss 0.01
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.
- CVE-2019-12963Jun 25, 2019risk 0.00cvss —epss 0.01
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
- CVE-2019-12961Jun 25, 2019risk 0.00cvss —epss 0.01
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
- CVE-2019-12960Jun 25, 2019risk 0.00cvss —epss 0.01
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
- CVE-2019-12939Jun 24, 2019risk 0.00cvss —epss 0.01
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
- CVE-2013-6223Jun 9, 2014risk 0.00cvss —epss 0.00
LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.
- CVE-2013-7385May 19, 2014risk 0.00cvss —epss 0.01
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword…
- CVE-2013-7033May 19, 2014risk 0.00cvss —epss 0.01
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an…
- CVE-2013-7034May 5, 2014risk 0.00cvss —epss 0.02
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
- CVE-2013-7003May 5, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.
- CVE-2013-7032Feb 14, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a…
- CVE-2013-7002Dec 21, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.
- CVE-2013-6224Dec 10, 2013risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message…