Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Steve Kneizys
  • Agora.cgi

Configuration 1 [-]

OR cpe:2.3:a:steve_kneizys:agora.cgi:3.2:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2a:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2b:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2c:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2d:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2e:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2f:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2g:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2h:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2i:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2j:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2ja:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2k:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2l:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2m:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2n:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2p:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2q:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.2r:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3a:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3b:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3c:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3d:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3e:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3f:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3i:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:3.3j:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:4.0:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:4.0a:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:4.0b:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:4.0c:*:*:*:*:*:*:*
cpe:2.3:a:steve_kneizys:agora.cgi:4.0d:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.agoracgi.com/security.html cve-icon cve-icon
http://www.iss.net/security_center/static/7708.php cve-icon cve-icon
http://www.osvdb.org/698 cve-icon cve-icon
http://www.securityfocus.com/archive/1/246044 cve-icon cve-icon
http://www.securityfocus.com/bid/3702 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2024-08-08T04:44:08.289Z

Reserved: 2002-03-15T00:00:00

Link: CVE-2001-1199

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2001-12-17T05:00:00.000

Modified: 2024-02-14T01:17:43.863

Link: CVE-2001-1199

cve-icon Redhat

No data.