PT-2010-5394 · Livezilla · Livezilla

Rodrigo Rubira Branco

Published

2010-12-30

Updated

2011-01-11

CVE-2010-4276

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions LiveZilla version 3.2.0.2

Description A cross-site scripting (XSS) issue exists in the lz tracking set sessid function, allowing remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to "server.php".

Recommendations For LiveZilla version 3.2.0.2, consider disabling the lz tracking set sessid function until a patch is available. Restrict access to the "server.php" endpoint to minimize the risk of exploitation. Avoid using the livezilla parameter in the track action until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2010-4276

Affected Products

Livezilla

PT-2010-5394 · Livezilla · Livezilla

CVE-2010-4276

Weakness Enumeration

Related Identifiers

Affected Products

References · 8