2 matches found
CVE-2001-1199
Agora CGI Cross Site Scripting (CVE-2001-1199) affects Agora versions 3.0a–4.0g due to improper input validation in the cart_id parameter when debug mode is on, enabling remote attackers to execute JavaScript in other clients. The vulnerability is documented in multiple sources (e.g., OpenVAS des...
CVE-2002-0215
Agora.cgi versions 3.2r through 4.0 in debug mode disclose the full pathname of the agora.cgi file when a non-existent .html file is requested, enabling remote disclosure of server file paths. This is an information disclosure vulnerability in the web application component. The affected component...