Attacker Value
Very High
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network

CVE-2020-9758

Disclosure Date: March 09, 2020

Description

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.

Technical Analysis

This vulnerability is present in LiveZilla Live Chat 8.0.1.3 within the chat.php page. The vulnerability is a blind XSS injection in the name parameter which, once triggered, can pull the usernames and passwords of employees.
This provides attackers with a privilege escalation from unauthenticated to user level, which can lead to a full account takeover.
This also has the potential to leak multiple credentials due to their storage within a database, and it is also confirmed to affect the lgn and psswrd fields.

Because of this, it wouldn't take an attacker much prior knowledge to find a payload which returns the credentials of a user and so gain access as that user.
For this reason, an attacker is presented with a low-risk, high-reward attack vector.
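The pattern described above, as an added example that is not LiveZilla's code and not part of the original page: a visitor-supplied name is concatenated into the operator's chat view unescaped (the stored XSS), shown beside the hardened form that HTML-encodes on output, plus a log check that flags requests to the mobile/chat URI carrying lgn or psswrd in the query string. The function names, the sample name, the sample access-log lines, and the assumption that the log is in combined format with the request quoted as "METHOD path HTTP/x" are all constructed for illustration; the specific payload that triggers the real bug is not reproduced here.

```javascript
// Added example (not LiveZilla code). Demonstrates the unsafe vs. hardened
// way to embed a visitor-supplied name in an operator-facing page, and a
// detection over access-log lines for the lgn/psswrd credential leak.

// Minimal HTML entity encoding suitable for text nodes and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the stored name is rendered verbatim, so a name that
// contains markup executes in the browser of whoever views the chat list.
function renderNameUnsafe(name) {
  return `<div class="visitor">${name}</div>`;
}

// Hardened pattern: every untrusted value is encoded at the point of output.
function renderNameSafe(name) {
  return `<div class="visitor">${escapeHtml(name)}</div>`;
}

// Helper used by the check below: does the rendered HTML still contain a
// live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Detection: scan access-log lines for requests whose path contains
// /mobile/chat and whose query string carries lgn or psswrd (assumed here to
// be the login name and password parameters named in the advisory).
// Assumes combined-style log lines with the request quoted as "GET path HTTP/1.1".
function findCredentialLeaks(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = line.match(/"(?:GET|POST)\s+(\S+)\s+HTTP\/[\d.]+"/);
    if (!m) continue;
    let u;
    try {
      // Base origin is a placeholder so relative paths parse; it is not contacted.
      u = new URL(m[1], "http://placeholder.invalid");
    } catch {
      continue;
    }
    if (!u.pathname.includes("/mobile/chat")) continue;
    const params = ["lgn", "psswrd"].filter((p) => u.searchParams.has(p));
    if (params.length > 0) {
      // Record the account name but never the password value itself.
      hits.push({ path: u.pathname, params, user: u.searchParams.get("lgn") });
    }
  }
  return hits;
}

// Constructed sample input (not real traffic): a generic script-bearing name
// and three synthetic log lines, one of which carries credentials in the URI.
const SAMPLE_NAME = "Alice<script>alert(1)</script>";
const SAMPLE_LOG = [
  '10.0.0.5 - - [09/Mar/2020:10:00:01 +0000] "GET /livezilla/chat.php?name=Alice HTTP/1.1" 200 512',
  '10.0.0.5 - - [09/Mar/2020:10:00:09 +0000] "GET /livezilla/mobile/chat?lgn=operator1&psswrd=s3cret HTTP/1.1" 200 128',
  '10.0.0.7 - - [09/Mar/2020:10:01:00 +0000] "GET /livezilla/mobile/chat?id=42 HTTP/1.1" 200 128',
];

console.log("unsafe:", renderNameUnsafe(SAMPLE_NAME));
console.log("safe:  ", renderNameSafe(SAMPLE_NAME));
console.log("leaks: ", JSON.stringify(findCredentialLeaks(SAMPLE_LOG)));
```

The encoding is applied at output time rather than on storage so that the name is still usable elsewhere (e.g. in e-mail notifications) and so that names already sitting in the database are neutralised the moment the fixed template ships. The log check deliberately records only the account name; a detection that copies the leaked password into an alert just moves the leak into the SIEM.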

CVSS V3 Severity and Metrics
Base Score:
9.6 Critical
Impact Score:
6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • livezilla

Products

  • livezilla
