Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Livezilla 跨站脚本漏洞
Vulnerability Description
LiveZilla是德国LiveZilla公司的一套免费的在线客服系统。该系统提供实时监测访客、离线留言、GeoTracking地图跟踪、访问统计、在线聊天等功能。 LiveZilla 5.1.1.0之前的版本中存在三个跨站脚本漏洞,这些漏洞源于(1)管理员的访客信息面板没有正确过滤用户提交的输入,(2)聊天会话短信没有正确过滤用户提交的输入,(3)呼叫管理员功能没有正确过滤‘Name’字段。远程攻击者可利用这些漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A