Various components of the LiveZilla application are vulnerable to cross site scripting. An attacker can hijack an operator with cross site scripting.
An 1click file that allows an admin to log into LiveZilla using a mouse click is saved in a xml representation. This xml file includes the admin username and password in plaintext.
This vulnerability enables any rouge app at any time to remove all existing device locks activated by a user.
On Windows systems with PHP versions installed that allow null bytes in the URL it is possible to turn a local file inclusion vulnerability to a full remote code execution vulnerability.
This vulnerability can be used to get payment credentials for Google Wallet and Paypal by abusing the popular application Whatsapp.