CVE-2010-4276
LiveZilla 3.2.0.2 - Cross-Site Scripting via livezilla Parameter in server.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-4276. PoCs published by Ulisses Castro.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in LiveZilla 3.2.0.2 due to improper input sanitization. The PoC provides a URL that injects arbitrary JavaScript code into the 'livezilla' parameter.
Description
Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in LiveZilla 3.2.0.2 due to improper input sanitization. The PoC provides a URL that injects arbitrary JavaScript code into the 'livezilla' parameter.