4 matches found
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
CVE-2020-9758
LiveZilla Live Chat 8.0.1.3 (Helpdesk) is affected by CVE-2020-9758 due to a blind JavaScript injection in chat.php (name parameter). This stored XSS can reveal usernames/passwords stored in the database via the mobile/chat URI (lgn/psswrd), enabling privilege escalation from unauthenticated to u...
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...