CVE-2004-1563
Published: 2004-12-31
Priority: P4 18 · medium 4.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.01% (78.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| w-agora | w-agora | — | — |
No detection rules found.
Exploit-DB
W-Agora 4.1.6 - 'a download_thread.php?thread' Cross-Site Scripting
exploitdb·2004-09-30
---
source: https://www.securityfocus.com/bid/11283/info
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks.
These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.
```
download_thread.php?site=support&bn=support_install&thread=[XSS code here]
```
Exploit-DB
W-Agora 4.1.6a - 'login.php?loginuser' Cross-Site Scripting
exploitdb·2004-09-30
---
source: https://www.securityfocus.com/bid/11283/info
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks.
These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.
```
POST /login.php HTTP/1.1
Host: w-agora
Content-Type: application/x-www-form-urlencoded
Content-Length: 89

loginform=1&redirect_url=1&loginuser=[XSS code here]&loginpassword=1
```
Exploit-DB
W-Agora 4.1.6 - 'a forgot_password.php?userid' Cross-Site Scripting
exploitdb·2004-09-30
---
source: https://www.securityfocus.com/bid/11283/info
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks.
These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.
```
POST /forgot_password.php HTTP/1.1
Host: w-agora
Content-Type: application/x-www-form-urlencoded
Content-Length: 48

go=1&userid=[XSS code here]
```
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html
http://marc.info/?l=bugtraq&m=109655691512298&w=2
http://secunia.com/advisories/12695
http://securitytracker.com/id?1011463
http://www.securityfocus.com/bid/11283
https://exchange.xforce.ibmcloud.com/vulnerabilities/17553