Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1199

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1199
Last Modified 05 Sep 2008 04:25:56
Published 17 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1199

Summary

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.

Vulnerable Systems

Application

  • Steve Kneizys Agora.cgi 3.2

  • Steve Kneizys Agora.cgi 3.2a

  • Steve Kneizys Agora.cgi 3.2b

  • Steve Kneizys Agora.cgi 3.2c

  • Steve Kneizys Agora.cgi 3.2d

  • Steve Kneizys Agora.cgi 3.2e

  • Steve Kneizys Agora.cgi 3.2f

  • Steve Kneizys Agora.cgi 3.2g

  • Steve Kneizys Agora.cgi 3.2h

  • Steve Kneizys Agora.cgi 3.2i

  • Steve Kneizys Agora.cgi 3.2j

  • Steve Kneizys Agora.cgi 3.2ja

  • Steve Kneizys Agora.cgi 3.2k

  • Steve Kneizys Agora.cgi 3.2l

  • Steve Kneizys Agora.cgi 3.2m

  • Steve Kneizys Agora.cgi 3.2n

  • Steve Kneizys Agora.cgi 3.2p

  • Steve Kneizys Agora.cgi 3.2q

  • Steve Kneizys Agora.cgi 3.2r

  • Steve Kneizys Agora.cgi 3.3a

  • Steve Kneizys Agora.cgi 3.3b

  • Steve Kneizys Agora.cgi 3.3c

  • Steve Kneizys Agora.cgi 3.3d

  • Steve Kneizys Agora.cgi 3.3e

  • Steve Kneizys Agora.cgi 3.3f

  • Steve Kneizys Agora.cgi 3.3i

  • Steve Kneizys Agora.cgi 3.3j

  • Steve Kneizys Agora.cgi 4.0

  • Steve Kneizys Agora.cgi 4.0a

  • Steve Kneizys Agora.cgi 4.0b

  • Steve Kneizys Agora.cgi 4.0c

  • Steve Kneizys Agora.cgi 4.0d


References

BID - 3702

BUGTRAQ - 20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability

XF - agora-cgi-css(7708)

CONFIRM - http://www.agoracgi.com/security.html

OSVDB - 698


Last Updated: 27 May 2016 10:36:34