Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 445

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote malicious users to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
w-agora w-agora 4.1.6a

source: wwwsecurityfocuscom/bid/11283/info Multiple vulnerabilities are reported to affect the application These issues arise due to insufficient sanitization of user-supplied data A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks These issues ...

source: wwwsecurityfocuscom/bid/11283/info Multiple vulnerabilities are reported to affect the application These issues arise due to insufficient sanitization of user-supplied data A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks These issues w ...

NVD-CWE-Other http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html http://www.securityfocus.com/bid/11283 http://secunia.com/advisories/12695 http://securitytracker.com/id?1011463 http://marc.info/?l=bugtraq&m=109655691512298&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17553 https://nvd.nist.gov https://www.exploit-db.com/exploits/24652/

CVE-2004-1563

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect