CVE-2013-6224

Name of the Vulnerable Software and Affected Versions LiveZilla versions prior to 5.1.1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via a name in the call administrator feature, unspecified vectors to the admins visitor information panel, or a text message in a chat session, which is saved in the archive section. This can be achieved through multiple cross-site scripting (XSS) vulnerabilities.

Recommendations For versions prior to 5.1.1.0, update to version 5.1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting user input in the call administrator feature, admins visitor information panel, and chat sessions to minimize the risk of exploitation. Avoid saving text messages from chat sessions in the archive section until the issue is resolved.