W-Agora 4.1.6 - a download_thread.php?thread Cross-Site Scripting

2004-09-30T00:00:00
ID EXPLOITPACK:A4E8109A5372CA37B9E05BE59BA54AAE
Type exploitpack
Reporter Alexander Antipov
Modified 2004-09-30T00:00:00

Description

W-Agora 4.1.6 - a download_thread.php?thread Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/11283/info
 
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks.
 
These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.

download_thread.php?site=support&bn=support_install&thread=[XSS code here]