CVE-2020-9758

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.

CVSS v3 9.6 CRITICAL
CVSS v2.0 4.3 MEDIUM

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/ari034/CVE-2020-9758	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-09 19:15

Updated : 2024-02-04 20:39

NVD link : CVE-2020-9758

Mitre link : CVE-2020-9758

CVE.ORG link : CVE-2020-9758

JSON object : View

Products Affected

livezilla

livezilla

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2020-9758", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2020-03-09T19:15:15.880", "references": [{"url": "https://github.com/ari034/CVE-2020-9758", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el archivo chat.php en LiveZilla Live Chat versi\u00f3n 8.0.1.3 (Helpdesk). Una inyecci\u00f3n JavaScript ciega se encuentra en el par\u00e1metro name. Desencadenar esto puede extraer el nombre de usuario y las contrase\u00f1as de los empleados del servicio de asistencia en el URI. Esto conlleva a una escalada de privilegios, desde el acceso no autenticado hasta el nivel de usuario, conllevando a la toma de control total de la cuenta. El ataque extrae m\u00faltiples credenciales porque est\u00e1n almacenadas en la base de datos (XSS almacenado). Esto afecta el URI mobile/chat por medio de los par\u00e1metros lgn y psswrd."}], "lastModified": "2020-03-10T16:56:57.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81210B50-7951-4BB5-9E5B-2A02401A2EA1", "versionEndExcluding": "8.0.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}