CVE-2013-7032

Livezilla < 5.1.2.0 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-12/0074.html

[Third Party Advisory, VDB Entry] http://osvdb.org/101080

[Patch, Vendor Advisory] http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89809

Scores

EPSS 0.0026

EPSS Percentile 48.7%

Details

CWE

CWE-79

Status published

Products (18)

livezilla/livezilla < 5.1.2.0

livezilla/livezilla

... and 8 more

Published Feb 14, 2014

Tracked Since Feb 18, 2026