{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/246044"}, {"name": "agora-cgi-css(7708)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7708.php"}, {"name": "3702", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3702"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.agoracgi.com/security.html"}, {"name": "698", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/698"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1199", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/246044"}, {"name": "agora-cgi-css(7708)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7708.php"}, {"name": "3702", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3702"}, {"name": "http://www.agoracgi.com/security.html", "refsource": "CONFIRM", "url": "http://www.agoracgi.com/security.html"}, {"name": "698", "refsource": "OSVDB", "url": "http://www.osvdb.org/698"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:44:08.289Z"}, "title": "CVE Program Container", "references": [{"name": "20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/246044"}, {"name": "agora-cgi-css(7708)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7708.php"}, {"name": "3702", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3702"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.agoracgi.com/security.html"}, {"name": "698", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/698"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1199", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.289Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7808DDA-412A-4798-B937-8FBA18A02CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2a:*:*:*:*:*:*:*", "matchCriteriaId": "EA2735C8-D031-4820-A07F-EEF0DA42C88B", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2b:*:*:*:*:*:*:*", "matchCriteriaId": "AF52B479-C94E-4EFB-86E2-D5F5EF72066E", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2c:*:*:*:*:*:*:*", "matchCriteriaId": "9B2145D6-0650-431A-9E1F-851619E5BE58", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2d:*:*:*:*:*:*:*", "matchCriteriaId": "DD5925D7-F12E-4C04-A6F0-070D1BFDE13F", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2e:*:*:*:*:*:*:*", "matchCriteriaId": "F66BBAFC-CB62-481C-AAD9-AFBFC1570738", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2f:*:*:*:*:*:*:*", "matchCriteriaId": "7CBE501A-DB0F-4FA0-80D9-45E0E3FFAB94", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2g:*:*:*:*:*:*:*", "matchCriteriaId": "45F44DBA-A215-4A4B-9AC3-358AB61A1BD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2h:*:*:*:*:*:*:*", "matchCriteriaId": "599059EA-DA87-4B87-AE22-90628967A2A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2i:*:*:*:*:*:*:*", "matchCriteriaId": "802FE920-82B3-4D44-A449-736E009F53B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2j:*:*:*:*:*:*:*", "matchCriteriaId": "62BAC6C3-923F-4869-AA2E-2E5BC8F3C568", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2ja:*:*:*:*:*:*:*", "matchCriteriaId": "67275AFF-A988-447B-A15E-B725173BCE75", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2k:*:*:*:*:*:*:*", "matchCriteriaId": "39F34030-D87B-491A-993A-E227ED99EF0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2l:*:*:*:*:*:*:*", "matchCriteriaId": "3A6F3D9C-CF75-4E7B-A34D-5D515543E16B", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2m:*:*:*:*:*:*:*", "matchCriteriaId": "C6076E9F-CBBD-4AAC-94D9-AAB9B5F7D747", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2n:*:*:*:*:*:*:*", "matchCriteriaId": "9641B186-4795-4A01-9A2E-0B6EAFBAA847", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2p:*:*:*:*:*:*:*", "matchCriteriaId": "B43B8E13-15A8-4333-997B-A65D1F95120D", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2q:*:*:*:*:*:*:*", "matchCriteriaId": "01CD9379-81D4-40E5-8712-C3ECC547BCA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2r:*:*:*:*:*:*:*", "matchCriteriaId": "3C01009C-8A0F-4145-AFCC-266E9AC9F38F", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3a:*:*:*:*:*:*:*", "matchCriteriaId": "7D182707-0550-4730-BCC6-8E73726ACCA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3b:*:*:*:*:*:*:*", "matchCriteriaId": "131B3AC9-E1BE-474F-BF5A-EE3A2F3925DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3c:*:*:*:*:*:*:*", "matchCriteriaId": "B64A8A45-C79E-4B40-A9E0-DBE59620B98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3d:*:*:*:*:*:*:*", "matchCriteriaId": "C75EC15B-B1FB-4D25-8281-791628336B77", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3e:*:*:*:*:*:*:*", "matchCriteriaId": "660D3973-C72E-419F-B258-099AFE7D17F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3f:*:*:*:*:*:*:*", "matchCriteriaId": "52255955-5C2F-41CC-B1F6-9B14AE1FF08B", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3i:*:*:*:*:*:*:*", "matchCriteriaId": "91E45149-B2BB-444F-ABF4-6FC8FF7DED13", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3j:*:*:*:*:*:*:*", "matchCriteriaId": "CF7E4671-A0C9-449A-9CF6-9F5E5485DAC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA62D301-78C5-4F44-9A54-E7BD860121DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0a:*:*:*:*:*:*:*", "matchCriteriaId": "7BEF1EB8-7341-48AB-A220-6D1760B40A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0b:*:*:*:*:*:*:*", "matchCriteriaId": "B7527F9F-EB74-40B3-82D0-952910C29B9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0c:*:*:*:*:*:*:*", "matchCriteriaId": "3F67E952-4F8F-4C67-94B9-63097BF7B33B", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0d:*:*:*:*:*:*:*", "matchCriteriaId": "D5308E74-F9CB-44D3-B89D-6D27266CD552", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en agora.cgi para las versiones de la 3.0a a la 4.0g de Agora, cuando el modo de depuraci\u00f3n esta activado, permite a atacantes remotos la ejecuci\u00f3n de Javascript en otros clientes mediante el uso del par\u00e1metro 'cart_id'."}], "id": "CVE-2001-1199", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-17T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["URL Repurposed"], "url": "http://www.agoracgi.com/security.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7708.php"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/698"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/246044"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3702"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://www.agoracgi.com/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7708.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/246044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3702"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}