Published: 09/03/2020 Updated: 10/03/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
livezilla livezilla

Form submission for vulnerability in livezilla

CVE-2020-9758 [Description] An issue was discovered in chatphp in LiveZilla Live Chat 8013 (Helpdesk) A blind JavaScript injection lies in the name parameter Triggering this can fetch the username and passwords of the helpdesk employees in the URI This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover The attac

CWE-79 https://github.com/ari034/CVE-2020-9758 https://nvd.nist.gov https://github.com/ari034/CVE-2020-9758

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-9758

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect