Livezilla@5.0.1.2 Security Vulnerabilities and Issues — Livezilla@5.0.1.2 CVE List

Lucene search

LivezillaLivezilla5.0.1.2

8 matches found

cve•added 2014/02/14 7:55 p.m.•52 views

CVE-2013-7032

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerabi...

4.3CVSS5.6AI score0.00256EPSS

cve•added 2013/12/10 4:11 p.m.•46 views

CVE-2013-6224

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, w...

4.3CVSS5.6AI score0.00445EPSS

cve•added 2014/05/05 5:6 p.m.•45 views

CVE-2013-7003

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.

4.3CVSS5.6AI score0.00256EPSS

cve•added 2014/05/19 2:55 p.m.•45 views

CVE-2013-7033

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-s...

4.3CVSS6AI score0.0025EPSS

cve•added 2014/05/05 5:6 p.m.•44 views

CVE-2013-7034

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.

7.5CVSS7.7AI score0.00703EPSS

cve•added 2013/12/21 12:55 a.m.•43 views

CVE-2013-7002

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.

4.3CVSS5.7AI score0.0034EPSS

cve•added 2014/05/19 2:55 p.m.•39 views

CVE-2013-7385

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an ind...

6.8CVSS6AI score0.00437EPSS

cve•added 2014/06/09 7:55 p.m.•35 views

CVE-2013-6223

LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.

2.1CVSS6.5AI score0.00061EPSS