Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7033

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-7033
Last Modified 20 May 2014 08:03:46
Published 19 May 2014 10:55:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7033

Summary

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.

Vulnerable Systems

Application

  • Livezilla 5.0.1.0

  • Livezilla 5.0.1.1

  • Livezilla 5.0.1.2

  • Livezilla 5.0.1.3

  • Livezilla 5.0.1.4

  • Livezilla 5.1.0.0

  • Livezilla 5.1.1.0

  • Livezilla 5.1.2.0


References

MISC - http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html

CONFIRM - http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/


Last Updated: 27 May 2016 11:05:19