CVE Vulnerabilities

CVE-2013-7033

Published: May 19, 2014 | Modified: May 20, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.

Affected Software

Name Vendor Start Version End Version
Livezilla Livezilla * 5.1.2.0 (including)
Livezilla Livezilla 5.0.1.0 (including) 5.0.1.0 (including)
Livezilla Livezilla 5.0.1.1 (including) 5.0.1.1 (including)
Livezilla Livezilla 5.0.1.2 (including) 5.0.1.2 (including)
Livezilla Livezilla 5.0.1.3 (including) 5.0.1.3 (including)
Livezilla Livezilla 5.0.1.4 (including) 5.0.1.4 (including)
Livezilla Livezilla 5.1.0.0 (including) 5.1.0.0 (including)
Livezilla Livezilla 5.1.1.0 (including) 5.1.1.0 (including)

References