1. ADVISORY SUMMARY

LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php

Risk: Medium

Application: LiveZilla
Versions Affected: 7.0.6.0
Vendor: LiveZilla GmbH
Vendor URL: https://www.livezilla.net/

Sent to vendor: 04.12.2017
Vendor response: Acknowledge 04.12.2017
Published fixed Release by vendor: 15.12.2017 (7.0.8.9)
Date of Public Advisory: 16.01.2018

Advisory URL: https://www.pallas.com/advisories/cve-2017-15869-livezilla-xss-knowledgebase
Author: Tim Kretschmann (Pallas GmbH)
Version and State of report: 1.0 (16.01.2018) - published


2. VULNERABILITY INFORMATION

A cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla 7.0.6.0 allow remote attackers to inject arbitrary web script or HTML via the search-for parameter. 

Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2017-15869
CVSS Base Score v2: 6.1 / 10
CVSS Base Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N


3. VULNERABILITY DESCRIPTION

A cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla 7.0.6.0 allow remote attackers to inject arbitrary web script or HTML via the search-for parameter. 


4. SOLUTIONS AND WORKAROUNDS

Update to Release 7.0.8.9 or higher (Dec 2017)
No possible workaround before 7.0.8.9


5. AUTHOR

Tim Kretschmann (Pallas GmbH)


6. TECHNICAL DESCRIPTION / PROOF OF CONCEPT (PoC) 

Attack Vector:
/knowledgebase.php?entry=show&searchfor=ae2w1%22onfocus%3d%22alert(1)%22autofocus%3d%22bvofh&article=<IfOfArticle> 


7. TIMELINE

04.12.2017 - E-Mail with Bug Information to LiveZilla
04.12.2017 - Acknowledged the bug
15.12.2017  LiveZilla published Release 7.0.8.9 (see https://www.livezilla.net/changelog/en/)
16.01.2018  Pallas published Advisory
 

8. ABOUT PALLAS GMBH

Pallas provides security consulting, pentesting, managed security services and hosting services with focus on security.
Adress: Pallas GmbH, Hermuelheimer Strasse 8a, 50321 Bruehl, GERMANY
Phone: 0049.2232.18960
Fax: 0049.2232.198629
Web: https://www.pallas.com/