CVE Tools

livezilla

Communicationscommercial

10

Cumulative CVEs

6

Monthly snapshots

#36

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting livezilla.

CVE-2020-9758An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the h...9.6Mar 9, 2020
CVE-2013-6225LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability9.8Jan 13, 2020
CVE-2019-12964LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.6.1Jun 25, 2019
CVE-2019-12963LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.6.1Jun 25, 2019
CVE-2019-12962LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.6.1Jun 25, 2019
CVE-2019-12961LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.8.8Jun 25, 2019
CVE-2019-12960LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.9.8Jun 25, 2019
CVE-2019-12940LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.5.9Jun 24, 2019
CVE-2019-12939LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.9.8Jun 24, 2019
CVE-2018-10810chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.6.1May 16, 2018
CVE-2017-15869Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.6.1Jan 18, 2018
CVE-2013-6223LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.2.1Jun 9, 2014
CVE-2013-7033LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information a...4.3May 19, 2014
CVE-2013-7385LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensiti...6.8May 19, 2014
CVE-2013-7034The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.7.5May 5, 2014