Vulnerabilities > CVE-2006-2228 - Unspecified vulnerability in W-Agora 4.2.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
w-agora
exploit available
NVD
Published: 2006-05-05
Updated: 2024-11-21

Summary

Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.

Vulnerable Configurations

Part Description Count
Application
W-Agora
1

Exploit-Db

descriptionW-Agora 4.2 BBCode Script Injection Vulnerability. CVE-2006-2228 . Webapps exploit for php platform
idEDB-ID:27783
last seen2016-02-03
modified2006-04-29
published2006-04-29
reporterr0xes
sourcehttps://www.exploit-db.com/download/27783/
titleW-Agora 4.2 BBCode Script Injection Vulnerability

References