CVE-2013-7033

Published: May 19, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.

Affected (8)

Products: Livezilla: Livezilla

Livezilla

1 product

Livezilla

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Livezilla Livezilla	Up to 5.1.2.0
Livezilla Livezilla	Version 5.0.1.0
Livezilla Livezilla	Version 5.0.1.1
Livezilla Livezilla	Version 5.0.1.2
Livezilla Livezilla	Version 5.0.1.3
Livezilla Livezilla	Version 5.0.1.4
Livezilla Livezilla	Version 5.1.0.0
Livezilla Livezilla	Version 5.1.1.0

Related CWEs

CWE-310

References (4)

http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/

Source: cve@mitre.org

http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html

Source: cve@mitre.org

Exploit

http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.