30-03-2015 / Vulnerabilities

LiveZilla XSS

The Name field (name="form_111") in chat.php can be used to submit an XSS payload that is rendered inside the Webbased Operator Client.

Proof of Concept

Put an XSS payload inside the Name field in chat.php, for example:


The XSS will be visible to an operator who uses the Webbased Operator Client, accepts your chat and receives at least two messages from you.


  • 25-11-2014: Discovered
  • 25-11-2014: Vendor notified
  • 15-01-2015: Version released, issue resolved
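
An added example, not taken from LiveZilla's code or from the advisory author, showing the class of flaw described above from the defender's side: a visitor-supplied name concatenated into operator-side markup, next to an output-encoded version. The function names, message shape and markup are assumptions made for illustration, and the sample name is constructed.

```javascript
// Added example: all names and markup here are hypothetical, not LiveZilla code.

// Encode the five characters that are significant in HTML text and
// in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: visitor-controlled fields concatenated straight into markup.
function renderMessageUnsafe(msg) {
  return '<div class="msg"><span class="name">' + msg.name + '</span>: ' + msg.text + '</div>';
}

// Hardened pattern: every visitor-controlled field is encoded at output time.
function renderMessageSafe(msg) {
  return '<div class="msg"><span class="name">' + escapeHtml(msg.name) +
         '</span>: ' + escapeHtml(msg.text) + '</div>';
}

// Defence in depth on input: drop control characters and bound the length.
// This complements output encoding; it does not replace it.
function normalizeVisitorName(raw, maxLen = 64) {
  const cleaned = String(raw).replace(/[\u0000-\u001f\u007f]/g, '').trim();
  return cleaned.slice(0, maxLen) || 'Visitor';
}

// Constructed sample: a visitor name carrying harmless markup.
const sample = { name: normalizeVisitorName('<b>Eve</b>'), text: 'hello & "hi"' };

function demo() {
  return { unsafe: renderMessageUnsafe(sample), safe: renderMessageSafe(sample) };
}

console.log(demo());
```

In the unsafe output the name's markup reaches the operator's browser as live HTML; in the safe output it arrives as inert text.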