Title:LiveZilla Server 跨站脚本漏洞 (CVE-2019-12962) Description:LiveZilla Server是德国LiveZilla公司的一套免费的在线客服系统。该系统提供实时监测访客、离线留言、GeoTracking地图跟踪、访问统计、在线聊天等功能。 LiveZilla Server 8.0.1.1之前版本中的mobile/index.php文件存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Description
LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.
File Snapshot
id: CVE-2019-12962
info:
name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting
author: Clment C
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.