CVE-2013-6224 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Livezilla	Livezilla

Configuration 1 [-]

OR	cpe:2.3:a:livezilla:livezilla::::::::
	cpe:2.3:a:livezilla:livezilla:3.1.8.3:::::::*
	cpe:2.3:a:livezilla:livezilla:3.2.0.2:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.0:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.1:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.2:::::::*
	cpe:2.3:a:livezilla:livezilla:4.1.0.3:::::::*
	cpe:2.3:a:livezilla:livezilla:4.1.0.4:::::::*
	cpe:2.3:a:livezilla:livezilla:4.2.0.4:::::::*
	cpe:2.3:a:livezilla:livezilla:4.2.0.5:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.0:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.1:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.2:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.3:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.4:::::::*

References

Link	Resource
http://osvdb.org/100399
http://osvdb.org/100401
http://osvdb.org/100402
http://packetstormsecurity.com/files/124222	Exploit
http://seclists.org/fulldisclosure/2013/Nov/208	Exploit
http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/	Patch
https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/89315

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-10T16:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2013-10-21T00:00:00

Link: CVE-2013-6224

JSON object: View

NVD Information

Status : Modified

Published: 2013-12-10T16:11:19.070

Modified: 2017-08-29T01:33:55.637

Link: CVE-2013-6224

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "100399", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100399"}, {"tags": ["x_refsource_MISC"], "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"}, {"tags": ["x_refsource_MISC"], "url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"}, {"name": "100401", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100401"}, {"name": "livezilla-cve20136224-xss(89315)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"}, {"name": "20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2013/Nov/208"}, {"name": "100402", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100402"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/124222"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6224", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "100399", "refsource": "OSVDB", "url": "http://osvdb.org/100399"}, {"name": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/", "refsource": "MISC", "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"}, {"name": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla", "refsource": "MISC", "url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"}, {"name": "100401", "refsource": "OSVDB", "url": "http://osvdb.org/100401"}, {"name": "livezilla-cve20136224-xss(89315)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"}, {"name": "20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Nov/208"}, {"name": "100402", "refsource": "OSVDB", "url": "http://osvdb.org/100402"}, {"name": "http://packetstormsecurity.com/files/124222", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124222"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6224", "datePublished": "2013-12-10T16:00:00", "dateReserved": "2013-10-21T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E71FD11-CCE4-4D64-B16A-87527E8076B9", "versionEndIncluding": "5.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:3.1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "56789521-4DD0-4FE8-80E4-9D99BDD43551", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:3.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8284B387-D399-49D1-921C-414A8B9E6DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D97BE25-92A1-4F57-B433-0650BEC6A714", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38AA0A9-D234-4366-BCA2-7E8D44B5AE3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE5118FB-A7DB-4E40-8B65-F72BA94FADF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C3585416-E7D6-4F2E-974F-6033B1EA493D", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A015EC43-FEE9-401E-879E-5075E98E7566", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "171BA61E-BC9A-46E7-B69A-CDC01D6B1CC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "013B3FB8-47DB-4C27-894E-E837200D267F", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4F8D1A5-B008-4D92-9522-FD9B82A5C6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C198E0EB-5E32-4952-9297-BC05C2E8EC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E252F349-6B4C-4DD0-B566-6F701F5D639F", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DF76D3A5-3926-40B2-85A2-DF088428CB9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3BF03B88-78BB-447E-A8E3-3053DEAB5BA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en LiveZilla anterior a la versi\u00f3n 5.1.1.0 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de (1) un nombre en la caracter\u00edstica de administrador de llamada, (2) vectores sin especificar hacia el panel de informaci\u00f3n de visitas del administrador, o (3) un mensaje de texto en una sesi\u00f3n de chat, el cual es guardado en la secci\u00f3n de archivo."}], "id": "CVE-2013-6224", "lastModified": "2017-08-29T01:33:55.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-12-10T16:11:19.070", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/100399"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/100401"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/100402"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/124222"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2013/Nov/208"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}