Описание
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.1 (включая)
Одно из
cpe:2.3:a:w-agora:w-agora:*:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.6a:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:w-agora:w-agora:4.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01487
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
EPSS
Процентиль: 81%
0.01487
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79