Livezilla

livezilla

21 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Livezilla

livezilla

21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-9758 1Livezilla 1Livezilla Nov 21, 2024 Mar 9, 2020 N/A· v4 9.6 CRITICAL· v3 4.3 MEDIUM· v2 An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in th...Show more An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.Show less
CVE-2013-6225 1Livezilla 1Livezilla Nov 21, 2024 Jan 13, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
CVE-2019-12964 1Livezilla 1Livezilla Nov 21, 2024 Jun 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.
CVE-2019-12963 1Livezilla 1Livezilla Nov 21, 2024 Jun 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
CVE-2019-12962 1Livezilla 1Livezilla Nov 21, 2024 Jun 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
CVE-2019-12961 1Livezilla 1Livezilla Nov 21, 2024 Jun 25, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
CVE-2019-12960 1Livezilla 1Livezilla Nov 21, 2024 Jun 25, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
CVE-2019-12940 1Livezilla 1Livezilla Nov 21, 2024 Jun 24, 2019 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.
CVE-2019-12939 1Livezilla 1Livezilla Nov 21, 2024 Jun 24, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
CVE-2018-10810 1Livezilla 1Livezilla Nov 21, 2024 May 16, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.
CVE-2017-15869 1Livezilla 1Livezilla Nov 21, 2024 Jan 18, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.
CVE-2013-6223 1Livezilla 1Livezilla May 6, 2026 Jun 9, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.
CVE-2013-7385 1Livezilla 1Livezilla May 6, 2026 May 19, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain...Show more LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.Show less
CVE-2013-7033 1Livezilla 1Livezilla May 6, 2026 May 19, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by a...Show more LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.Show less
CVE-2013-7034 1Livezilla 1Livezilla May 6, 2026 May 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
CVE-2013-7003 1Livezilla 1Livezilla May 6, 2026 May 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.
CVE-2013-7032 1Livezilla 1Livezilla Apr 29, 2026 Feb 14, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) c...Show more Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.Show less
CVE-2013-7002 1Livezilla 1Livezilla Apr 29, 2026 Dec 21, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.
CVE-2013-6224 1Livezilla 1Livezilla Apr 29, 2026 Dec 10, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to t...Show more Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section.Show less
CVE-2010-4276 1Livezilla 1Livezilla Apr 29, 2026 Dec 30, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla param...Show more Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.Show less

12 Next