Vulnerabilities > Livezilla > Livezilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-09 | CVE-2020-9758 | Cross-site Scripting vulnerability in Livezilla An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). | 4.3 |
| 2019-06-25 | CVE-2019-12964 | Cross-site Scripting vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. | 4.3 |
| 2019-06-25 | CVE-2019-12963 | Cross-site Scripting vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | 4.3 |
| 2019-06-25 | CVE-2019-12962 | Cross-site Scripting vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | 4.3 |
| 2019-06-25 | CVE-2019-12961 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | 6.8 |
| 2018-05-16 | CVE-2018-10810 | Cross-site Scripting vulnerability in Livezilla chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | 4.3 |
| 2018-01-18 | CVE-2017-15869 | Cross-site Scripting vulnerability in Livezilla Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter. | 4.3 |
| 2014-05-19 | CVE-2013-7385 | Cryptographic Issues vulnerability in Livezilla LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | 6.8 |
| 2014-05-19 | CVE-2013-7033 | Cryptographic Issues vulnerability in Livezilla LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | 4.3 |
| 2014-05-05 | CVE-2013-7003 | Cross-Site Scripting vulnerability in Livezilla Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | 4.3 |