CVE-2013-6224 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Livezilla	Livezilla

Configuration 1 [-]

OR	cpe:2.3:a:livezilla:livezilla::::::::
	cpe:2.3:a:livezilla:livezilla:3.1.8.3:::::::*
	cpe:2.3:a:livezilla:livezilla:3.2.0.2:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.0:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.1:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.2:::::::*
	cpe:2.3:a:livezilla:livezilla:4.1.0.3:::::::*
	cpe:2.3:a:livezilla:livezilla:4.1.0.4:::::::*
	cpe:2.3:a:livezilla:livezilla:4.2.0.4:::::::*
	cpe:2.3:a:livezilla:livezilla:4.2.0.5:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.0:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.1:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.2:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.3:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.4:::::::*

No data.

References

Link	Providers
http://osvdb.org/100399
http://osvdb.org/100401
http://osvdb.org/100402
http://packetstormsecurity.com/files/124222
http://seclists.org/fulldisclosure/2013/Nov/208
http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/
https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla
https://exchange.xforce.ibmcloud.com/vulnerabilities/89315

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-10T16:00:00

Updated: 2024-08-06T17:29:43.215Z

Reserved: 2013-10-21T00:00:00

Link: CVE-2013-6224

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-12-10T16:11:19.070

Modified: 2017-08-29T01:33:55.637

Link: CVE-2013-6224

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "100399", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100399"}, {"tags": ["x_refsource_MISC"], "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"}, {"tags": ["x_refsource_MISC"], "url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"}, {"name": "100401", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100401"}, {"name": "livezilla-cve20136224-xss(89315)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"}, {"name": "20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2013/Nov/208"}, {"name": "100402", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100402"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/124222"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6224", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "100399", "refsource": "OSVDB", "url": "http://osvdb.org/100399"}, {"name": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/", "refsource": "MISC", "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"}, {"name": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla", "refsource": "MISC", "url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"}, {"name": "100401", "refsource": "OSVDB", "url": "http://osvdb.org/100401"}, {"name": "livezilla-cve20136224-xss(89315)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"}, {"name": "20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Nov/208"}, {"name": "100402", "refsource": "OSVDB", "url": "http://osvdb.org/100402"}, {"name": "http://packetstormsecurity.com/files/124222", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124222"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:29:43.215Z"}, "title": "CVE Program Container", "references": [{"name": "100399", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/100399"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"}, {"name": "100401", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/100401"}, {"name": "livezilla-cve20136224-xss(89315)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"}, {"name": "20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2013/Nov/208"}, {"name": "100402", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/100402"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/124222"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6224", "datePublished": "2013-12-10T16:00:00", "dateReserved": "2013-10-21T00:00:00", "dateUpdated": "2024-08-06T17:29:43.215Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E71FD11-CCE4-4D64-B16A-87527E8076B9", "versionEndIncluding": "5.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:3.1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "56789521-4DD0-4FE8-80E4-9D99BDD43551", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:3.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8284B387-D399-49D1-921C-414A8B9E6DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D97BE25-92A1-4F57-B433-0650BEC6A714", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38AA0A9-D234-4366-BCA2-7E8D44B5AE3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE5118FB-A7DB-4E40-8B65-F72BA94FADF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C3585416-E7D6-4F2E-974F-6033B1EA493D", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A015EC43-FEE9-401E-879E-5075E98E7566", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "171BA61E-BC9A-46E7-B69A-CDC01D6B1CC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "013B3FB8-47DB-4C27-894E-E837200D267F", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4F8D1A5-B008-4D92-9522-FD9B82A5C6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C198E0EB-5E32-4952-9297-BC05C2E8EC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E252F349-6B4C-4DD0-B566-6F701F5D639F", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DF76D3A5-3926-40B2-85A2-DF088428CB9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3BF03B88-78BB-447E-A8E3-3053DEAB5BA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en LiveZilla anterior a la versi\u00f3n 5.1.1.0 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de (1) un nombre en la caracter\u00edstica de administrador de llamada, (2) vectores sin especificar hacia el panel de informaci\u00f3n de visitas del administrador, o (3) un mensaje de texto en una sesi\u00f3n de chat, el cual es guardado en la secci\u00f3n de archivo."}], "id": "CVE-2013-6224", "lastModified": "2017-08-29T01:33:55.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-12-10T16:11:19.070", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/100399"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/100401"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/100402"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/124222"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2013/Nov/208"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}