Vulnerabilities > Livezilla > Livezilla > 7.0.2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-09 | CVE-2020-9758 | Cross-site Scripting vulnerability in Livezilla An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). | 4.3 |
| 2019-06-25 | CVE-2019-12964 | Cross-site Scripting vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. | 4.3 |
| 2019-06-25 | CVE-2019-12963 | Cross-site Scripting vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | 4.3 |
| 2019-06-25 | CVE-2019-12962 | Cross-site Scripting vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | 4.3 |
| 2019-06-25 | CVE-2019-12961 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | 6.8 |
| 2019-06-25 | CVE-2019-12960 | SQL Injection vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | 7.5 |
| 2019-06-24 | CVE-2019-12940 | Allocation of Resources Without Limits or Throttling vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. | 7.1 |
| 2019-06-24 | CVE-2019-12939 | SQL Injection vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | 7.5 |
| 2018-05-16 | CVE-2018-10810 | Cross-site Scripting vulnerability in Livezilla chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | 4.3 |
| 2018-01-18 | CVE-2017-15869 | Cross-site Scripting vulnerability in Livezilla Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter. | 4.3 |