1. ADVISORY SUMMARY

LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php

Risk: Medium
Application: LiveZilla
Versions Affected: 7.0.6.0
Vendor: LiveZilla GmbH
Vendor URL: https://www.livezilla.net/
Sent to vendor: 04.12.2017
Vendor response: Acknowledged 04.12.2017
Published fixed Release by vendor: 15.12.2017 (7.0.8.9)
Date of Public Advisory: 16.01.2018
Advisory URL: https://www.pallas.com/advisories/cve-2017-15869-livezilla-xss-knowledgebase
Author: Tim Kretschmann (Pallas GmbH)
Version and State of report: 1.0 (16.01.2018) - published

2. VULNERABILITY INFORMATION

A cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla 7.0.6.0 allows remote attackers to inject arbitrary web script or HTML via the searchfor parameter.

Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2017-15869
CVSS Base Score v2: 6.1 / 10
CVSS Base Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

3. VULNERABILITY DESCRIPTION

A cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla 7.0.6.0 allows remote attackers to inject arbitrary web script or HTML via the searchfor parameter. As the proof of concept in section 6 shows, the parameter value is reflected unescaped inside a double-quoted HTML attribute, so a double quote in the value closes that attribute and any text that follows is interpreted as further attributes (for example an event handler) of the same element.

4. SOLUTIONS AND WORKAROUNDS

Update to Release 7.0.8.9 or higher (Dec 2017).
No possible workaround before 7.0.8.9.

5. AUTHOR

Tim Kretschmann (Pallas GmbH)

6. TECHNICAL DESCRIPTION / PROOF OF CONCEPT (PoC)

Attack Vector:
/knowledgebase.php?entry=show&searchfor=ae2w1%22onfocus%3d%22alert(1)%22autofocus%3d%22bvofh&article=

7. TIMELINE

04.12.2017 - E-Mail with Bug Information to LiveZilla
04.12.2017 - Acknowledged the bug
15.12.2017 - LiveZilla published Release 7.0.8.9 (see https://www.livezilla.net/changelog/en/)
16.01.2018 - Pallas published Advisory

8. ABOUT PALLAS GMBH

Pallas provides security consulting, pentesting, managed security services and hosting services with focus on security.

Address: Pallas GmbH, Hermuelheimer Strasse 8a, 50321 Bruehl, GERMANY
Phone: 0049.2232.18960
Fax: 0049.2232.198629
Web: https://www.pallas.com/
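The following Python illustration is added to this advisory and is neither LiveZilla's code nor part of the original report. It assumes a generic search form that echoes the searchfor parameter into a double-quoted value attribute (a hypothetical stand-in for the affected template). It decodes the advisory's attack vector, renders it once the vulnerable way and once with attribute-safe HTML escaping, and uses the standard library HTML parser to show which attributes the browser would actually see in each case. A small log-review heuristic for this class of payload is included as well.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The attack vector quoted in section 6 of the advisory (the only page-provided value used here).
ADVISORY_URL = (
    "/knowledgebase.php?entry=show"
    "&searchfor=ae2w1%22onfocus%3d%22alert(1)%22autofocus%3d%22bvofh&article="
)


def search_term(url: str) -> str:
    """Return the URL-decoded value of the searchfor parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("searchfor", [""])[0]


def render_vulnerable(term: str) -> str:
    """Hypothetical vulnerable pattern: the raw value is placed inside a quoted attribute."""
    return f'<input type="text" name="searchfor" value="{term}">'


def render_hardened(term: str) -> str:
    """Fix: escape for the attribute context. quote=True turns '"' into '&quot;',
    so the value can no longer terminate the attribute it sits in."""
    return f'<input type="text" name="searchfor" value="{html.escape(term, quote=True)}">'


class _InputAttrCollector(HTMLParser):
    """Collects the attribute names the parser assigns to <input> elements."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs.extend(name for name, _ in attrs)


def input_attributes(markup: str) -> list[str]:
    """Parse markup the way a browser tokenizer would and list the <input> attributes."""
    collector = _InputAttrCollector()
    collector.feed(markup)
    return collector.attrs


# Constructed heuristic for access-log review: a quote followed by an on*= event-handler
# attribute is the signature of attribute-breakout payloads like the one in this advisory.
_ATTR_INJECTION = re.compile(r"""["'][^"']*\bon\w+\s*=""", re.IGNORECASE)


def flag_attribute_injection(term: str) -> bool:
    """True if a decoded searchfor value looks like an attempt to inject an event handler."""
    return _ATTR_INJECTION.search(term) is not None


if __name__ == "__main__":
    term = search_term(ADVISORY_URL)
    print("decoded searchfor :", term)
    print("vulnerable attrs  :", input_attributes(render_vulnerable(term)))
    print("hardened attrs    :", input_attributes(render_hardened(term)))
    print("flagged for review:", flag_attribute_injection(term))
```

With the vulnerable rendering the parser reports onfocus and autofocus as attributes of the input element, which is exactly the behaviour the PoC relies on; with the escaped rendering only type, name and value remain and the injected text is inert attribute content. The heuristic is deliberately narrow (quote, then an on*= handler) so that ordinary search terms containing quotes are not flagged.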