Product
livezilla
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-9758
CVE-2013-6225
CVE-2019-12964
CVE-2019-12963
CVE-2019-12962
CVE-2019-12961
CVE-2019-12960
CVE-2019-12940
CVE-2019-12939
CVE-2018-10810
CVE-2017-15869
CVE-2013-6223
CVE-2013-7385
CVE-2013-7033
CVE-2013-7034
CVE-2013-7003
CVE-2013-7032
CVE-2013-7002
CVE-2013-6224
CVE-2010-4276
CVE-2009-4450
< 8.0.1.3
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name param
all versions
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
< 8.0.1.1
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.
< 8.0.1.1
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
< 8.0.1.1
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
< 8.0.1.1
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
< 8.0.1.1
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.
< 8.0.1.1
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer v
< 8.0.1.1
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
<= 7.0.9.5
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP he
< 7.0.8.9
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitr
<= 5.1.0.0
LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtai
<= 5.1.2.1
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by
<= 5.1.2.0
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, w
<= 5.1.2.0
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitr
<= 5.1.1.0
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web scr
<= 5.1.2.0
Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote atta
<= 5.1.0.0
Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers t
<= 5.1.0.0
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web scr
all versions
Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.
all versions
Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web