Last Modified: July 11, 2017
Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
Base Score: 4.3
Exploitability Score: 8.6
Impact Score: 2.9
CVSS V2: AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD-CWE-Other
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:a:w-agora:w-agora:4.1.5:*:*:*:*:*:*:* Part: a Vendor: w-agora | Alle Schwachstellen für w-agora | |
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:w-agora:w-agora:4.1.5:*:*:*:*:*:*:*"/>
</set>
<prop key="program_influence" value="input"/>
<prop key="range" value="remote"/>
</set>
<?xml version="1.0" ?>
<set operator="and">
<prop key="target" value="host"/>
<set operator="or">
<prop key="program_influence" value="input"/>
<prop key="program_influence" value="output"/>
<prop key="program_influence" value="existence"/>
</set>
<prop key="data" value="any"/>
<set operator="or">
<prop key="data_influence" value="write"/>
<prop key="data_influence" value="delete"/>
</set>
<set operator="or">
<prop key="range" value="remote"/>
<prop key="range" value="local"/>
</set>
</set>