FKIE_CVE-2001-1199

Vulnerability from fkie_nvd - Published: 2001-12-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
References
cve@mitre.orghttp://www.agoracgi.com/security.htmlURL Repurposed
cve@mitre.orghttp://www.iss.net/security_center/static/7708.phpVendor Advisory
cve@mitre.orghttp://www.osvdb.org/698
cve@mitre.orghttp://www.securityfocus.com/archive/1/246044Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/3702Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.agoracgi.com/security.htmlURL Repurposed
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/7708.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/698
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/246044Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3702Exploit, Patch, Vendor Advisory
Impacted products
Vendor Product Version
steve_kneizys agora.cgi 3.2
steve_kneizys agora.cgi 3.2a
steve_kneizys agora.cgi 3.2b
steve_kneizys agora.cgi 3.2c
steve_kneizys agora.cgi 3.2d
steve_kneizys agora.cgi 3.2e
steve_kneizys agora.cgi 3.2f
steve_kneizys agora.cgi 3.2g
steve_kneizys agora.cgi 3.2h
steve_kneizys agora.cgi 3.2i
steve_kneizys agora.cgi 3.2j
steve_kneizys agora.cgi 3.2ja
steve_kneizys agora.cgi 3.2k
steve_kneizys agora.cgi 3.2l
steve_kneizys agora.cgi 3.2m
steve_kneizys agora.cgi 3.2n
steve_kneizys agora.cgi 3.2p
steve_kneizys agora.cgi 3.2q
steve_kneizys agora.cgi 3.2r
steve_kneizys agora.cgi 3.3a
steve_kneizys agora.cgi 3.3b
steve_kneizys agora.cgi 3.3c
steve_kneizys agora.cgi 3.3d
steve_kneizys agora.cgi 3.3e
steve_kneizys agora.cgi 3.3f
steve_kneizys agora.cgi 3.3i
steve_kneizys agora.cgi 3.3j
steve_kneizys agora.cgi 4.0
steve_kneizys agora.cgi 4.0a
steve_kneizys agora.cgi 4.0b
steve_kneizys agora.cgi 4.0c
steve_kneizys agora.cgi 4.0d
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7808DDA-412A-4798-B937-8FBA18A02CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA2735C8-D031-4820-A07F-EEF0DA42C88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF52B479-C94E-4EFB-86E2-D5F5EF72066E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2145D6-0650-431A-9E1F-851619E5BE58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5925D7-F12E-4C04-A6F0-070D1BFDE13F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "F66BBAFC-CB62-481C-AAD9-AFBFC1570738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2f:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CBE501A-DB0F-4FA0-80D9-45E0E3FFAB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2g:*:*:*:*:*:*:*",
              "matchCriteriaId": "45F44DBA-A215-4A4B-9AC3-358AB61A1BD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2h:*:*:*:*:*:*:*",
              "matchCriteriaId": "599059EA-DA87-4B87-AE22-90628967A2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2i:*:*:*:*:*:*:*",
              "matchCriteriaId": "802FE920-82B3-4D44-A449-736E009F53B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2j:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BAC6C3-923F-4869-AA2E-2E5BC8F3C568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2ja:*:*:*:*:*:*:*",
              "matchCriteriaId": "67275AFF-A988-447B-A15E-B725173BCE75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2k:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F34030-D87B-491A-993A-E227ED99EF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2l:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A6F3D9C-CF75-4E7B-A34D-5D515543E16B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6076E9F-CBBD-4AAC-94D9-AAB9B5F7D747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2n:*:*:*:*:*:*:*",
              "matchCriteriaId": "9641B186-4795-4A01-9A2E-0B6EAFBAA847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2p:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43B8E13-15A8-4333-997B-A65D1F95120D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2q:*:*:*:*:*:*:*",
              "matchCriteriaId": "01CD9379-81D4-40E5-8712-C3ECC547BCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2r:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C01009C-8A0F-4145-AFCC-266E9AC9F38F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D182707-0550-4730-BCC6-8E73726ACCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "131B3AC9-E1BE-474F-BF5A-EE3A2F3925DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3c:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64A8A45-C79E-4B40-A9E0-DBE59620B98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3d:*:*:*:*:*:*:*",
              "matchCriteriaId": "C75EC15B-B1FB-4D25-8281-791628336B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3e:*:*:*:*:*:*:*",
              "matchCriteriaId": "660D3973-C72E-419F-B258-099AFE7D17F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3f:*:*:*:*:*:*:*",
              "matchCriteriaId": "52255955-5C2F-41CC-B1F6-9B14AE1FF08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3i:*:*:*:*:*:*:*",
              "matchCriteriaId": "91E45149-B2BB-444F-ABF4-6FC8FF7DED13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3j:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7E4671-A0C9-449A-9CF6-9F5E5485DAC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA62D301-78C5-4F44-9A54-E7BD860121DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BEF1EB8-7341-48AB-A220-6D1760B40A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7527F9F-EB74-40B3-82D0-952910C29B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F67E952-4F8F-4C67-94B9-63097BF7B33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5308E74-F9CB-44D3-B89D-6D27266CD552",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en agora.cgi para las versiones de la 3.0a a la 4.0g de Agora, cuando el modo de depuraci\u00f3n esta activado, permite a atacantes remotos la ejecuci\u00f3n de Javascript en otros clientes mediante el uso del par\u00e1metro \u0027cart_id\u0027."
    }
  ],
  "id": "CVE-2001-1199",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-12-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.agoracgi.com/security.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/7708.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/698"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/246044"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.agoracgi.com/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/7708.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/246044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3702"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.