How to Buy
This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
The version of LiveZilla hosted on the remote web server is affected
by multiple vulnerabilities :
- The application is affected by multiple cross-site
scripting (XSS) vulnerabilities because it fails to
properly sanitize user-supplied input. Note that
CVE-2013-7003 was reportedly fixed in version 220.127.116.11.
- The application insecurely stores credentials that are
to these credentials by exploiting a cross-site
scripting vulnerability. Note that the vendor update
partially fixes the issue by storing the credentials
as MD5 hashes. (CVE-2013-7033)
- The application is affected by a PHP object injection
vulnerability because it fails to properly sanitize
user-supplied input to the 'setCookieValue()' function
of the '_lib/functions.global.inc.php' script.
See also :
Upgrade to LiveZilla version 18.104.22.168 or later.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 71522 ()
Bugtraq ID: 64202643766437864383
CVE ID: CVE-2013-7003CVE-2013-7032CVE-2013-7033CVE-2013-7034
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.