W-Agora 4.1.6 a forgot_password.php userid Parameter XSS

2014-07-01T00:00:00
ID SSV:78344
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/11283/info
 
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks.
 
These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.

POST /forgot_password.php HTTP/1.1
Host: w-agora
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
go=1&userid=[XSS code here]