The host is installed with LiveZilla and is prone to cross site scripting vulnerability.

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site and launch other attacks. Impact Level: Application

Upgrade to LiveZilla 5.1.1.0 or later, For updates refer to http://livezilla.net

- The flaw is due to input passed via the 'g_language' GET parameter to '/mobile/php/translation/index.php' is not properly sanitised before being returned to the user. - Input passed via the username and message body to chat.php when starting a new chat session is not properly sanitised before being used.

LiveZilla version 5.1.0.0

Send a crafted data via HTTP GET request and check whether it is able read the cookie or not.

• http://packetstormsecurity.com/files/124344
• http://seclists.org/bugtraq/2013/Dec/31
• http://secunia.com/advisories/54505
• http://www.osvdb.org/100741
• http://www.securityfocus.com/archive/1/530209

---

Updated on 2015-03-25