Skip to content

ari034/CVE-2020-9758

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2020-9758

[Description] An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.


[Additional Information] The leakage of credentials through the URI may be the result of the autologin feature. Also more parameters in the chat.php form may be vulnerable.


[Vulnerability Type] Cross Site Scripting (XSS)


[Vendor of Product] Livezilla


[Affected Product Code Base] Livechat Helpdesk - 8.0.1.3


[Affected Component] Input URL : https://livechat.example.com/chat.php Vulnerable Parameter : name Affected URL : https://livechat.example.com/mobile/chat?lgn=base64_encoded(username)&psswrd=base64_encoded(password)


[Attack Type] Remote


[Impact Escalation of Privileges] true


[Impact Information Disclosure] true


[Attack Vectors] Blind Unauthenticated Stored XSS


[Reference] https://www.livezilla.net


[Discoverer] Arihant Singh

About

Form submission for vulnerability in livezilla

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published