LiveZilla Cross Site Scripting Vulnerability | CVE-2010-4276



Copyright and Disclaimer

The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No guarantee is provided for the accuracy of this information, or damage you may cause your systems in testing.

About Conviso

Founded on 2008 by a team of professionals working the IT Security market since 1997, Conviso is a consulting company specialized on network and application security services. Our values are based on the allocation of the adequate competencies on the field, a clear and direct speech with the market, collaboration and partnership with our customers and business partners and constant investments on methodology and research improvement.

This advisory has been discovered as part of a general investigation into the security of software used in the IT environments of our customers. For more information about our company and services provided, please check our website at

The Security Research

Conviso maintains a virtual team dedicated to explore our customer’s environments in order to identify technical vulnerabilities in software and hardware, developing real-world mitigation solutions and processes to maintain more secure environments. Leaded by Wagner Elias, our R&D Manager, this team is named Conviso Labs and also contribute to important world-class organizations projects and organizations.

The vulnerability described in this security advisory was discovered by Ulisses Castro on November 1st 2010 during an internal research procedure.

Issue Description

LiveZilla is an application provided by LiveZilla GmbH to provide Live Chats, monitor website visitors in real-time and convert them in to customers. LiveZilla is affected by Reflected Cross Site Scripting on server.php in the “module” track which calls a vulnerable javascript function.

Affected Components

The issue was confirmed on version but other other versions maybe also affected.

Issue Mitigation

LiveZilla released an update to fix the vulnerability, please check the availability at their changelog page.

CVSS Scoring System

The CVSS score is: 6.4

    • Base Score: 6.7


    • Temporal Score: 6.4

We used the following values to calculate the scores:

    • Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:N


    • Temporal score is: E:F/RL:U/RC:C



The request http://<server>/livezilla/server.php?request=track&livezilla=alert(‘xss’) pass through the following files:

    • htdocslivezillaserver.php


    • htdocslivezillatrack.php


    • htdocslivezillatemplatesjscriptjstrack.tpl

And land in this code exception:

208 function lz_tracking_set_sessid(_userId, _browId)
209 {
210 if(lz_session.UserId != _userId)
211 {
212 lz_session.UserId = _userId;
213 lz_session.BrowserId = _browId;
214 lz_session.Save();
215 }
216 }

The javascript file “jstrack.tpl” is called by track.php and contains a function named “lz_tracking_set_sessid()” which does not sanitize data and may allow an attacker to inject a malicious javascript code to support Reflected Cross Site Script attacks against users.

Originalmente postado no Blog da Conviso Application Security – Siga-nos no Twitter @conviso Google+
About author


A team of professionals, highly connected on news, techniques and information about application security
Related posts
Application SecurityNews

The Amazing Electrosphere

In the daily journey of security analysts, when performing intrusion tests, some steps end up being…
Read more
Application SecurityCode FightersNews

Research: CVE-2021-43076 and the Risks Caused by Insecure Design

In the latest edition of OWASP TOP 10 Vulnerabilities 2021, some new categories were introduced in…
Read more
Application SecurityCode FightersNews

Case Study: Plone CVE-2021-33512 and Threat Modeling with Conviso Platform

An internal project by Conviso’s Consulting team, called ConsultingLabs, was created with the…
Read more

Deixe um comentário