Steve Kneizys : Security Vulnerabilities, CVEs,
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
Max CVSS
5.0
EPSS Score
0.50%
Published
2002-05-16
Updated
2008-09-11
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
Max CVSS
7.5
EPSS Score
9.37%
Published
2001-12-17
Updated
2008-09-05
2 vulnerabilities found