CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
67.8%
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.
Vendor | Product | Version | CPE |
---|---|---|---|
livezilla | livezilla | 5.0.1.3 | cpe:/a:livezilla:livezilla:5.0.1.3::: |
livezilla | livezilla | 5.0.1.2 | cpe:/a:livezilla:livezilla:5.0.1.2::: |
livezilla | livezilla | 5.1.0.0 | cpe:/a:livezilla:livezilla:5.1.0.0::: |
livezilla | livezilla | 5.0.1.1 | cpe:/a:livezilla:livezilla:5.0.1.1::: |
livezilla | livezilla | cpe:/a:livezilla:livezilla:::: | |
livezilla | livezilla | 5.1.1.0 | cpe:/a:livezilla:livezilla:5.1.1.0::: |
livezilla | livezilla | 5.1.2.0 | cpe:/a:livezilla:livezilla:5.1.2.0::: |
livezilla | livezilla | 5.0.1.4 | cpe:/a:livezilla:livezilla:5.0.1.4::: |
livezilla | livezilla | 5.0.1.0 | cpe:/a:livezilla:livezilla:5.0.1.0::: |