CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2006-2228 – W-Agora 4.2 - BBCode Script Injection
https://notcve.org/view.php?id=CVE-2006-2228
05 May 2006 — Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events. • https://www.exploit-db.com/exploits/27783 •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 5CVE-2005-2648 – W-Agora 4.2 - 'Site' Directory Traversal
https://notcve.org/view.php?id=CVE-2005-2648
21 Aug 2005 — Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. • https://www.exploit-db.com/exploits/26169 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2004-1562 – W-Agora 4.1.6 - 'a redir_url.php?key' SQL Injection
https://notcve.org/view.php?id=CVE-2004-1562
31 Dec 2004 — SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. • https://www.exploit-db.com/exploits/24648 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 5CVE-2004-1563 – W-Agora 4.1.6 - 'a download_thread.php?thread' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1563
31 Dec 2004 — Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php. • https://www.exploit-db.com/exploits/24650 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3CVE-2004-1564 – W-Agora 4.1.6a - 'subscribe_thread.php' HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2004-1564
31 Dec 2004 — CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. • https://www.exploit-db.com/exploits/24651 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1565
https://notcve.org/view.php?id=CVE-2004-1565
31 Dec 2004 — list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 4CVE-2002-1878 – W-Agora 4.1.x - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2002-1878
31 Dec 2002 — PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. • https://www.exploit-db.com/exploits/21529 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2002-2128
https://notcve.org/view.php?id=CVE-2002-2128
31 Dec 2002 — editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2002-2129 – W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2129
31 Dec 2002 — Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form. • https://www.exploit-db.com/exploits/22109 •