Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2006-2228

Publish Date: 29 Apr 2006

Author: r0xes

                							

                source: http://www.securityfocus.com/bid/17751/info

W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. 

W-Agora can be configured to send all user information in session data; if this is the case, then attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing an attacker to steal cookie-based authentication credentials. Other attacks are also possible. 

This issue is reported to affect version 4.20; other versions may also be vulnerable.

[code]&lt;b onMouseOver =eval(&amp;#039;alert(/xss/)&amp;#039;)&gt;hi&lt;/b&gt;[/code]

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

W-Agora 4.2 - BBCode Script Injection

Vulmon Search

About

Products

Connect