Описание
Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.1.2.0 (включая)
Одно из
cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:3.1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:3.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:4.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:4.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:4.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:4.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:4.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:4.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:4.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:5.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:5.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:5.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:5.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:5.0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:5.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:livezilla:livezilla:5.1.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00256
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.
EPSS
Процентиль: 49%
0.00256
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79