LiveZilla 7.0.6.0 Cross Site Scripting

2018-01-16T00:00:00
ID PACKETSTORM:145930
Type packetstorm
Reporter Tim Kretschmann
Modified 2018-01-16T00:00:00

Description

1. ADVISORY SUMMARY  
  
LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php  
  
Risk: Medium  
  
Application: LiveZilla  
Versions Affected: 7.0.6.0  
Vendor: LiveZilla GmbH  
Vendor URL: https://www.livezilla.net/  
  
Sent to vendor: 04.12.2017  
Vendor response: Acknowledged 04.12.2017  
Fixed release published by vendor: 15.12.2017 (7.0.8.9)  
Date of Public Advisory: 16.01.2018  
  
Advisory URL: https://www.pallas.com/advisories/cve-2017-15869-livezilla-xss-knowledgebase  
Author: Tim Kretschmann (Pallas GmbH)  
Version and State of report: 1.0 (16.01.2018) - published  
  
  
2. VULNERABILITY INFORMATION  
  
A cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla 7.0.6.0 allows remote attackers to inject arbitrary web script or HTML via the search-for (searchfor) parameter.  
  
Remotely Exploitable: Yes  
Locally Exploitable: No  
CVE: CVE-2017-15869  
CVSS Base Score v3.0: 6.1 / 10 (Medium)  
CVSS Base Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N  
  
  
3. VULNERABILITY DESCRIPTION  
  
A reflected cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla 7.0.6.0 allows remote attackers to inject arbitrary web script or HTML via the search-for (searchfor) parameter. The payload in section 6 relies on the search term being reflected inside a quoted HTML attribute without escaping: a double quote (%22) closes the attribute value, and an onfocus handler followed by an autofocus attribute is appended, so the injected script runs as soon as a victim opens the crafted link.  
  
  
4. SOLUTIONS AND WORKAROUNDS  
  
Update to release 7.0.8.9 or higher (December 2017).  
No workaround is available for versions before 7.0.8.9.  
  
  
5. AUTHOR  
  
Tim Kretschmann (Pallas GmbH)  
  
  
6. TECHNICAL DESCRIPTION / PROOF OF CONCEPT (PoC)   
  
Attack Vector:  
/knowledgebase.php?entry=show&searchfor=ae2w1%22onfocus%3d%22alert(1)%22autofocus%3d%22bvofh&article=<IdOfArticle>  
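The following Python is an added example and is not part of the advisory or of LiveZilla's code (the advisory does not include the affected PHP source). It decodes the searchfor value from the attack vector above, reflects it into a hypothetical search box the way an unescaped echo would, and parses the result the way a browser does to show that the payload has become a separate onfocus attribute. The render_vulnerable/render_fixed functions and the article=1 placeholder are assumptions for illustration; the fix mirrors PHP's htmlspecialchars($term, ENT_QUOTES) in the attribute context.

```python
"""Added example (not from the advisory): how the knowledgebase.php payload
breaks out of an HTML attribute, and how attribute-context escaping stops it."""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Attack vector from section 6 of the advisory; article=1 is a placeholder
# for <IdOfArticle> chosen here, not a value from the advisory.
POC_URL = ("/knowledgebase.php?entry=show"
           "&searchfor=ae2w1%22onfocus%3d%22alert(1)%22autofocus%3d%22bvofh"
           "&article=1")


def searchfor_param(url: str) -> str:
    """Return the URL-decoded searchfor value, i.e. what PHP sees in $_GET."""
    return parse_qs(urlsplit(url).query)["searchfor"][0]


def render_vulnerable(term: str) -> str:
    """Hypothetical shape of the bug: the search term echoed into a quoted
    value attribute with no escaping (assumed; not LiveZilla's real markup)."""
    return f'<input type="text" name="searchfor" value="{term}">'


def render_fixed(term: str) -> str:
    """Same markup with attribute-context escaping. html.escape(quote=True)
    turns '"' into '&quot;', which is what htmlspecialchars(..., ENT_QUOTES)
    does on the PHP side, so the term can no longer close the attribute."""
    return f'<input type="text" name="searchfor" value="{html.escape(term, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collect the attributes of the <input> element, as a browser would tokenize them."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "input":
            self.attrs = dict(attrs)


def input_attributes(markup: str) -> dict:
    """Parse rendered markup and return the <input>'s attribute dictionary.
    Attribute values are entity-decoded, so a correctly escaped value
    round-trips to the original search term."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def has_event_handler(markup: str) -> bool:
    """True if any on* attribute (e.g. onfocus) ended up on the <input>."""
    return any(name.startswith("on") for name in input_attributes(markup))


if __name__ == "__main__":
    term = searchfor_param(POC_URL)
    print("decoded searchfor:", term)
    print("vulnerable:", render_vulnerable(term))
    print("  attributes:", input_attributes(render_vulnerable(term)))
    print("fixed:     ", render_fixed(term))
    print("  attributes:", input_attributes(render_fixed(term)))
```

In the vulnerable rendering the parser reports onfocus="alert(1)" and autofocus as attributes of their own, which is exactly why the handler fires on page load without further user interaction; in the fixed rendering the whole term survives as the single value attribute. The same check (parse the response, look for unexpected on* attributes on the search field) is a cheap regression test for the 7.0.8.9 fix.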
  
  
7. TIMELINE  
  
04.12.2017 - E-mail with bug information sent to LiveZilla  
04.12.2017 - LiveZilla acknowledged the bug  
15.12.2017 - LiveZilla published release 7.0.8.9 (see https://www.livezilla.net/changelog/en/)  
16.01.2018 - Pallas published this advisory  
  
  
8. ABOUT PALLAS GMBH  
  
Pallas provides security consulting, penetration testing, managed security services and hosting services with a focus on security.  
Address: Pallas GmbH, Hermuelheimer Strasse 8a, 50321 Bruehl, GERMANY  
Phone: 0049.2232.18960  
Fax: 0049.2232.198629  
Web: https://www.pallas.com/  