CVE-2013-7032

Name of the Vulnerable Software and Affected Versions LiveZilla versions prior to 5.1.2.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web-based operator client. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the name of an uploaded file or the customer name in a resource created from an uploaded file.

Recommendations For versions prior to 5.1.2.1, update to version 5.1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the upload of files and limiting the input for customer names to minimize the risk of exploitation. Avoid using the name variable for uploaded files and the customer name variable in resources created from uploaded files until the issue is resolved.