Arbitrary Script Injection via Picture Name in Livefyre LiveComments 3.0

Arbitrary Script Injection via Picture Name in Livefyre LiveComments 3.0

CVE-2014-6420 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.

Learn more about our Web App Pen Testing.