Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Agora.cgi | Steve_kneizys | 3.2 | 3.2 |
| Agora.cgi | Steve_kneizys | 3.2a | 3.2a |
| Agora.cgi | Steve_kneizys | 3.2b | 3.2b |
| Agora.cgi | Steve_kneizys | 3.2c | 3.2c |
| Agora.cgi | Steve_kneizys | 3.2d | 3.2d |
| Agora.cgi | Steve_kneizys | 3.2e | 3.2e |
| Agora.cgi | Steve_kneizys | 3.2f | 3.2f |
| Agora.cgi | Steve_kneizys | 3.2g | 3.2g |
| Agora.cgi | Steve_kneizys | 3.2h | 3.2h |
| Agora.cgi | Steve_kneizys | 3.2i | 3.2i |
| Agora.cgi | Steve_kneizys | 3.2j | 3.2j |
| Agora.cgi | Steve_kneizys | 3.2ja | 3.2ja |
| Agora.cgi | Steve_kneizys | 3.2k | 3.2k |
| Agora.cgi | Steve_kneizys | 3.2l | 3.2l |
| Agora.cgi | Steve_kneizys | 3.2m | 3.2m |
| Agora.cgi | Steve_kneizys | 3.2n | 3.2n |
| Agora.cgi | Steve_kneizys | 3.2p | 3.2p |
| Agora.cgi | Steve_kneizys | 3.2q | 3.2q |
| Agora.cgi | Steve_kneizys | 3.2r | 3.2r |
| Agora.cgi | Steve_kneizys | 3.3a | 3.3a |
| Agora.cgi | Steve_kneizys | 3.3b | 3.3b |
| Agora.cgi | Steve_kneizys | 3.3c | 3.3c |
| Agora.cgi | Steve_kneizys | 3.3d | 3.3d |
| Agora.cgi | Steve_kneizys | 3.3e | 3.3e |
| Agora.cgi | Steve_kneizys | 3.3f | 3.3f |
| Agora.cgi | Steve_kneizys | 3.3i | 3.3i |
| Agora.cgi | Steve_kneizys | 3.3j | 3.3j |
| Agora.cgi | Steve_kneizys | 4.0 | 4.0 |
| Agora.cgi | Steve_kneizys | 4.0a | 4.0a |
| Agora.cgi | Steve_kneizys | 4.0b | 4.0b |
| Agora.cgi | Steve_kneizys | 4.0c | 4.0c |
| Agora.cgi | Steve_kneizys | 4.0d | 4.0d |