CVE Vulnerabilities

CVE-2013-7385

Published: May 19, 2014 | Modified: May 20, 2014
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in JavaScript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.

Affected Software

Name       Vendor     Start Version        End Version
Livezilla  Livezilla  *                    5.1.2.1 (including)
Livezilla  Livezilla  5.0.1.0 (including)  5.0.1.0 (including)
Livezilla  Livezilla  5.0.1.1 (including)  5.0.1.1 (including)
Livezilla  Livezilla  5.0.1.2 (including)  5.0.1.2 (including)
Livezilla  Livezilla  5.0.1.3 (including)  5.0.1.3 (including)
Livezilla  Livezilla  5.0.1.4 (including)  5.0.1.4 (including)
Livezilla  Livezilla  5.1.0.0 (including)  5.1.0.0 (including)
Livezilla  Livezilla  5.1.1.0 (including)  5.1.1.0 (including)
Livezilla  Livezilla  5.1.2.0 (including)  5.1.2.0 (including)

References