Vulnerabilities > CVE-2007-1606 - Cross-Site Scripting vulnerability in W-Agora 4.2.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description W-Agora 4.2.1 change_password.php userid Parameter XSS. CVE-2007-1606. Webapps exploit for php platform id EDB-ID:29766 last seen 2016-02-03 modified 2007-03-20 published 2007-03-20 reporter laurent gaffie source https://www.exploit-db.com/download/29766/ title W-Agora 4.2.1 change_password.php userid Parameter XSS description W-Agora 4.2.1 profile.php showuser Parameter XSS. CVE-2007-1606. Webapps exploit for php platform id EDB-ID:29764 last seen 2016-02-03 modified 2007-03-20 published 2007-03-20 reporter laurent gaffie source https://www.exploit-db.com/download/29764/ title W-Agora 4.2.1 profile.php showuser Parameter XSS description W-Agora 4.2.1 search.php search_user Parameter XSS. CVE-2007-1606 . Webapps exploit for php platform id EDB-ID:29765 last seen 2016-02-03 modified 2007-03-20 published 2007-03-20 reporter laurent gaffie source https://www.exploit-db.com/download/29765/ title W-Agora 4.2.1 - search.php search_user Parameter XSS
References
- http://osvdb.org/34377
- http://osvdb.org/34378
- http://osvdb.org/34379
- http://secunia.com/advisories/24605
- http://securityreason.com/securityalert/2462
- http://www.securityfocus.com/archive/1/463286/100/0/threaded
- http://www.securityfocus.com/bid/23057
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33175