Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Livezilla
(Livezilla)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-25 | CVE-2019-12962 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | Livezilla | 6.1 | ||
| 2020-03-09 | CVE-2020-9758 | An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters. | Livezilla | N/A | ||
| 2020-01-13 | CVE-2013-6225 | LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability | Livezilla | N/A | ||
| 2019-06-24 | CVE-2019-12939 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | Livezilla | 9.8 | ||
| 2019-06-25 | CVE-2019-12964 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. | Livezilla | 6.1 | ||
| 2019-06-25 | CVE-2019-12963 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | Livezilla | 6.1 | ||
| 2019-06-25 | CVE-2019-12961 | LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | Livezilla | 8.8 | ||
| 2019-06-25 | CVE-2019-12960 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | Livezilla | 9.8 | ||
| 2019-06-24 | CVE-2019-12940 | LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. | Livezilla | 5.9 | ||
| 2018-01-18 | CVE-2017-15869 | Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter. | Livezilla | 6.1 |