Lucene search

[email protected]CVE-2007-1606

HistoryMar 22, 2007 - 11:19 p.m.

CVE-2007-1606

2007-03-2223:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

1606

xss

w-agora

web script

html

remote attackers

vulnerability

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.

CPENameOperatorVersion
w-agora:w-agoraw-agoraeq4.2.1

CPE	Name	Operator	Version
w-agora:w-agora	w-agora	eq	4.2.1

References

osvdb.org/34377

osvdb.org/34378

osvdb.org/34379

secunia.com/advisories/24605

securityreason.com/securityalert/2462

www.securityfocus.com/archive/1/463286/100/0/threaded

www.securityfocus.com/bid/23057

exchange.xforce.ibmcloud.com/vulnerabilities/33175

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for CVE-2007-1606

prion1 securityvulns1