Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Agora.cgi | Steve_kneizys | 3.2 | 3.2 |
Agora.cgi | Steve_kneizys | 3.2a | 3.2a |
Agora.cgi | Steve_kneizys | 3.2b | 3.2b |
Agora.cgi | Steve_kneizys | 3.2c | 3.2c |
Agora.cgi | Steve_kneizys | 3.2d | 3.2d |
Agora.cgi | Steve_kneizys | 3.2e | 3.2e |
Agora.cgi | Steve_kneizys | 3.2f | 3.2f |
Agora.cgi | Steve_kneizys | 3.2g | 3.2g |
Agora.cgi | Steve_kneizys | 3.2h | 3.2h |
Agora.cgi | Steve_kneizys | 3.2i | 3.2i |
Agora.cgi | Steve_kneizys | 3.2j | 3.2j |
Agora.cgi | Steve_kneizys | 3.2ja | 3.2ja |
Agora.cgi | Steve_kneizys | 3.2k | 3.2k |
Agora.cgi | Steve_kneizys | 3.2l | 3.2l |
Agora.cgi | Steve_kneizys | 3.2m | 3.2m |
Agora.cgi | Steve_kneizys | 3.2n | 3.2n |
Agora.cgi | Steve_kneizys | 3.2p | 3.2p |
Agora.cgi | Steve_kneizys | 3.2q | 3.2q |
Agora.cgi | Steve_kneizys | 3.2r | 3.2r |
Agora.cgi | Steve_kneizys | 3.3a | 3.3a |
Agora.cgi | Steve_kneizys | 3.3b | 3.3b |
Agora.cgi | Steve_kneizys | 3.3c | 3.3c |
Agora.cgi | Steve_kneizys | 3.3d | 3.3d |
Agora.cgi | Steve_kneizys | 3.3e | 3.3e |
Agora.cgi | Steve_kneizys | 3.3f | 3.3f |
Agora.cgi | Steve_kneizys | 3.3i | 3.3i |
Agora.cgi | Steve_kneizys | 3.3j | 3.3j |
Agora.cgi | Steve_kneizys | 4.0 | 4.0 |
Agora.cgi | Steve_kneizys | 4.0a | 4.0a |
Agora.cgi | Steve_kneizys | 4.0b | 4.0b |
Agora.cgi | Steve_kneizys | 4.0c | 4.0c |
Agora.cgi | Steve_kneizys | 4.0d | 4.0d |