Vulners
Lucene search
LiveZilla Cross Site Scripting
🗓️ 27 Dec 2010 00:00:00Reported by Rodrigo Rubira BrancoType 
packetstorm🔗 packetstormsecurity.com👁 42 Views
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | CVE-2010-4276 | 27 Dec 201000:00 | – | circl |
 | CVE-2010-4276 | 30 Dec 201018:00 | – | cve |
 | CVE-2010-4276 | 30 Dec 201018:00 | – | cvelist |
 | EUVD-2010-4249 | 7 Oct 202500:30 | – | euvd |
 | CVE-2010-4276 | 30 Dec 201019:00 | – | nvd |
 | LiveZilla 'Track' Module 'server.php' Cross Site Scripting Vulnerability | 3 Jan 201100:00 | – | openvas |
 | Cross site scripting | 30 Dec 201019:00 | – | prion |
`Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
LiveZilla Cross Site Scripting Vulnerability
CVE-2010-4276
INTRODUCTION
Accordingly to LiveZilla GmbH, "the Next Generation Live Help and Live Support System connects you to your website visitors. Use LiveZilla to provide
Live Chats and monitor your website visitors in real-time. Convert visitors to customers - with LiveZilla! "
This problem was confirmed in the following versions of the LiveZilla, other versions maybe also affected. LiveZilla released an update to fix the vulnerability.
LiveZilla v3.2.0.2
CVSS Scoring System
The CVSS score is: 6.4
Base Score: 6.7
Temporal Score: 6.4
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:N
Temporal score is: E:F/RL:U/RC:C
DETAILS
LiveZilla is affected by Reflected Cross Site Scripting in server.php, in the module track which calls a vulnerable javascript function.
This request:
http://<server>/livezilla/server.php?request=track&livezilla=<script>alert('xss')</script>
Will pass thru the following files:
htdocs\livezilla\server.php
htdocs\livezilla\track.php
htdocs\livezilla\templates\jscript\jstrack.tpl
And finally land in this excerpt of code:
---
207
208 function lz_tracking_set_sessid(_userId, _browId)
209 {
210 if(lz_session.UserId != _userId)
211 {
212 lz_session.UserId = _userId;
213 lz_session.BrowserId = _browId;
214 lz_session.Save();
215 }
216 }
217
---
The javascript file jstrack.tpl is called by track.php and contains a function named lz_tracking_set_sessid(). This function do not sanitize
data and thus an attacker can inject a malicious javascript code allowing Reflected Cross Site Script attacks against users.
CREDITS
This vulnerability has been brought to our attention by Ulisses Castro from Conviso IT Security company (http://www.conviso.com.br) and was
researched internally by Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT).
Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies
http://www.checkpoint.com/defense
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Dec 2010 00:00Current
EPSS0.04683