Description
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
Products
- Steve Kneizys Agora.cgi 3.2
- Steve Kneizys Agora.cgi 3.2a
- Steve Kneizys Agora.cgi 3.2b
- Steve Kneizys Agora.cgi 3.2c
- Steve Kneizys Agora.cgi 3.2d
- Steve Kneizys Agora.cgi 3.2e
- Steve Kneizys Agora.cgi 3.2f
- Steve Kneizys Agora.cgi 3.2g
- Steve Kneizys Agora.cgi 3.2h
- Steve Kneizys Agora.cgi 3.2i
- Steve Kneizys Agora.cgi 3.2j
- Steve Kneizys Agora.cgi 3.2ja
- Steve Kneizys Agora.cgi 3.2k
- Steve Kneizys Agora.cgi 3.2l
- Steve Kneizys Agora.cgi 3.2m
- Steve Kneizys Agora.cgi 3.2n
- Steve Kneizys Agora.cgi 3.2p
- Steve Kneizys Agora.cgi 3.2q
- Steve Kneizys Agora.cgi 3.2r
- Steve Kneizys Agora.cgi 3.3a
- Steve Kneizys Agora.cgi 3.3b
- Steve Kneizys Agora.cgi 3.3c
- Steve Kneizys Agora.cgi 3.3d
- Steve Kneizys Agora.cgi 3.3e
- Steve Kneizys Agora.cgi 3.3f
- Steve Kneizys Agora.cgi 3.3i
- Steve Kneizys Agora.cgi 3.3j
- Steve Kneizys Agora.cgi 4.0
- Steve Kneizys Agora.cgi 4.0a
- Steve Kneizys Agora.cgi 4.0b
- Steve Kneizys Agora.cgi 4.0c
- Steve Kneizys Agora.cgi 4.0d
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-1199, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-1199 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References