CVE-2010-4276

Name of the Vulnerable Software and Affected Versions LiveZilla version 3.2.0.2

Description A cross-site scripting (XSS) issue exists in the lz tracking set sessid function, allowing remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to "server.php".

Recommendations For LiveZilla version 3.2.0.2, consider disabling the lz tracking set sessid function until a patch is available. Restrict access to the "server.php" endpoint to minimize the risk of exploitation. Avoid using the livezilla parameter in the track action until the issue is resolved.