Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LiveZilla 加密问题漏洞
Vulnerability Description
LiveZilla是德国LiveZilla公司的一套免费的在线客服系统。该系统提供实时监测访客、离线留言、GeoTracking地图跟踪、访问统计、在线聊天等功能。 LiveZilla 5.1.2.0及之前的版本中存在安全漏洞,该漏洞源于程序以明文方式存储密码。远程攻击者可通过访问loginName和loginPassword变量利用该漏洞获取敏感信息,获取特权。
CVSS Information
N/A
Vulnerability Type
N/A