6.1 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.3%
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
packetstormsecurity.org/1010-exploits/wagora-lfixss.txt
securityreason.com/securityalert/8426
www.securityfocus.com/archive/1/514420/100/0/threaded
www.securityfocus.com/bid/44370