CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
94.7%
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
Vendor | Product | Version | CPE |
---|---|---|---|
steve_kneizys | agora.cgi | 3.2 | cpe:2.3:a:steve_kneizys:agora.cgi:3.2:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2a | cpe:2.3:a:steve_kneizys:agora.cgi:3.2a:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2b | cpe:2.3:a:steve_kneizys:agora.cgi:3.2b:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2c | cpe:2.3:a:steve_kneizys:agora.cgi:3.2c:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2d | cpe:2.3:a:steve_kneizys:agora.cgi:3.2d:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2e | cpe:2.3:a:steve_kneizys:agora.cgi:3.2e:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2f | cpe:2.3:a:steve_kneizys:agora.cgi:3.2f:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2g | cpe:2.3:a:steve_kneizys:agora.cgi:3.2g:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2h | cpe:2.3:a:steve_kneizys:agora.cgi:3.2h:*:*:*:*:*:*:* |
steve_kneizys | agora.cgi | 3.2i | cpe:2.3:a:steve_kneizys:agora.cgi:3.2i:*:*:*:*:*:*:* |