Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LivezillaLivezilla

21 matches found

CVE
CVEadded 2019/06/25 1:15 p.m.176 views

CVE-2019-12962

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.

6.1CVSS6AI score0.06302EPSS
CVE
CVEadded 2019/06/25 1:15 p.m.65 views

CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.

6.1CVSS5.9AI score0.00317EPSS
CVE
CVEadded 2019/06/25 1:15 p.m.60 views

CVE-2019-12960

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.

9.8CVSS9.8AI score0.00366EPSS
CVE
CVEadded 2019/06/25 1:15 p.m.59 views

CVE-2019-12961

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.

8.8CVSS9.1AI score0.00495EPSS
CVE
CVEadded 2019/06/25 1:15 p.m.59 views

CVE-2019-12964

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.

6.1CVSS5.9AI score0.00317EPSS
CVE
CVEadded 2020/03/09 7:15 p.m.57 views

CVE-2020-9758

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...

9.6CVSS9.4AI score0.02404EPSS
CVE
CVEadded 2019/06/24 4:15 p.m.55 views

CVE-2019-12939

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.

9.8CVSS9.8AI score0.0041EPSS
CVE
CVEadded 2014/02/14 7:55 p.m.52 views

CVE-2013-7032

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerabi...

4.3CVSS5.6AI score0.00256EPSS
CVE
CVEadded 2013/12/10 4:11 p.m.46 views

CVE-2013-6224

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, w...

4.3CVSS5.6AI score0.00445EPSS
CVE
CVEadded 2014/05/05 5:6 p.m.45 views

CVE-2013-7003

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.

4.3CVSS5.6AI score0.00256EPSS
CVE
CVEadded 2014/05/19 2:55 p.m.45 views

CVE-2013-7033

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-s...

4.3CVSS6AI score0.0025EPSS
CVE
CVEadded 2014/05/05 5:6 p.m.44 views

CVE-2013-7034

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.

7.5CVSS7.7AI score0.00703EPSS
CVE
CVEadded 2013/12/21 12:55 a.m.43 views

CVE-2013-7002

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.

4.3CVSS5.7AI score0.0034EPSS
CVE
CVEadded 2020/01/13 2:15 p.m.41 views

CVE-2013-6225

LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability

9.8CVSS9.6AI score0.54061EPSS
CVE
CVEadded 2019/06/24 4:15 p.m.40 views

CVE-2019-12940

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.

7.1CVSS6.4AI score0.00296EPSS
CVE
CVEadded 2014/05/19 2:55 p.m.39 views

CVE-2013-7385

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an ind...

6.8CVSS6AI score0.00437EPSS
CVE
CVEadded 2009/12/29 8:41 p.m.35 views

CVE-2009-4450

Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl.

4.3CVSS5.8AI score0.00959EPSS
CVE
CVEadded 2010/12/30 7:0 p.m.35 views

CVE-2010-4276

Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.

4.3CVSS5.8AI score0.02337EPSS
CVE
CVEadded 2014/06/09 7:55 p.m.35 views

CVE-2013-6223

LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.

2.1CVSS6.5AI score0.00061EPSS
CVE
CVEadded 2018/01/18 2:29 p.m.35 views

CVE-2017-15869

Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.

6.1CVSS6AI score0.00399EPSS
CVE
CVEadded 2018/05/16 1:29 p.m.33 views

CVE-2018-10810

chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.

6.1CVSS6.5AI score0.0028EPSS