Vendor: W-Agora
By: Georgi Guninski
CVSS: 8.3 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: W-Agora
Affected Version From: 2000.9.2
Affected Version To: 2000.9.2
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:w-agora:w-agora
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux
2002

W-Agora Cross-Site Scripting Vulnerability

It has been reported that W-Agora has a vulnerability in its handling of script code. A malicious link containing arbitrary script code or HTML can be crafted so that, when a user clicks it, the code executes in the security context of the vulnerable site. This would result in a browser security violation and could lead to the theft of administrators' authentication cookies.

Mitigation:

Upgrade to the latest version of W-Agora
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6464/info

W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems.

A problem with W-Agora may make cross-site scripting attacks possible.

<URL:/editform.php?site=agora&blah=">Bug!>
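A log-review check for the request pattern shown above, added here as an example and not part of the original advisory or of W-Agora: it flags requests to editform.php whose query parameters decode to characters that close an HTML attribute or tag. The log format (Common Log Format), the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters that let a reflected value close an attribute or tag.
MARKUP_CHARS = set('"<>')

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /editform.php?site=agora HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2003:10:02:13 +0000] "GET /editform.php?site=agora&blah=%22%3EBug! HTTP/1.0" 200 5188',
    '192.0.2.77 - - [01/Jan/2003:10:02:40 +0000] "GET /editform.php?site=agora&blah=%2522%253EBug! HTTP/1.0" 200 5190',
    '192.0.2.10 - - [01/Jan/2003:10:05:00 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.0" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line, script="editform.php"):
    """Return (name, decoded_value) pairs that carry markup characters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + script):
        return []  # only the script named in the advisory is checked
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        name, value = fully_decode(name), fully_decode(value)
        if MARKUP_CHARS & set(name + value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (line_number, hits) for every entry with at least one hit."""
    found = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, hits) for n, hits in found if hits]

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: {hits}")
```

A hit shows that markup characters were sent to the script, not that they were reflected unescaped; confirm against the installed W-Agora version.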