mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
257 lines
9.3 KiB
JSON
257 lines
9.3 KiB
JSON
{
|
|
"id": "CVE-2001-1199",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2001-12-17T05:00:00.000",
|
|
"lastModified": "2008-09-05T20:25:56.233",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en agora.cgi para las versiones de la 3.0a a la 4.0g de Agora, cuando el modo de depuraci\u00f3n esta activado, permite a atacantes remotos la ejecuci\u00f3n de Javascript en otros clientes mediante el uso del par\u00e1metro 'cart_id'."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": true,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A7808DDA-412A-4798-B937-8FBA18A02CDC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2a:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EA2735C8-D031-4820-A07F-EEF0DA42C88B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2b:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF52B479-C94E-4EFB-86E2-D5F5EF72066E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2c:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9B2145D6-0650-431A-9E1F-851619E5BE58"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2d:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DD5925D7-F12E-4C04-A6F0-070D1BFDE13F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2e:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F66BBAFC-CB62-481C-AAD9-AFBFC1570738"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2f:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7CBE501A-DB0F-4FA0-80D9-45E0E3FFAB94"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2g:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "45F44DBA-A215-4A4B-9AC3-358AB61A1BD6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2h:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "599059EA-DA87-4B87-AE22-90628967A2A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2i:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "802FE920-82B3-4D44-A449-736E009F53B3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2j:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62BAC6C3-923F-4869-AA2E-2E5BC8F3C568"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2ja:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "67275AFF-A988-447B-A15E-B725173BCE75"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2k:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "39F34030-D87B-491A-993A-E227ED99EF0F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2l:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3A6F3D9C-CF75-4E7B-A34D-5D515543E16B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2m:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C6076E9F-CBBD-4AAC-94D9-AAB9B5F7D747"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2n:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9641B186-4795-4A01-9A2E-0B6EAFBAA847"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2p:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B43B8E13-15A8-4333-997B-A65D1F95120D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2q:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "01CD9379-81D4-40E5-8712-C3ECC547BCA6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2r:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3C01009C-8A0F-4145-AFCC-266E9AC9F38F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3a:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7D182707-0550-4730-BCC6-8E73726ACCA7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3b:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "131B3AC9-E1BE-474F-BF5A-EE3A2F3925DB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3c:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B64A8A45-C79E-4B40-A9E0-DBE59620B98C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3d:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C75EC15B-B1FB-4D25-8281-791628336B77"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3e:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "660D3973-C72E-419F-B258-099AFE7D17F3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3f:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "52255955-5C2F-41CC-B1F6-9B14AE1FF08B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3i:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "91E45149-B2BB-444F-ABF4-6FC8FF7DED13"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3j:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CF7E4671-A0C9-449A-9CF6-9F5E5485DAC6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CA62D301-78C5-4F44-9A54-E7BD860121DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0a:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BEF1EB8-7341-48AB-A220-6D1760B40A21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0b:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7527F9F-EB74-40B3-82D0-952910C29B9C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0c:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3F67E952-4F8F-4C67-94B9-63097BF7B33B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0d:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D5308E74-F9CB-44D3-B89D-6D27266CD552"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.agoracgi.com/security.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.iss.net/security_center/static/7708.php",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/246044",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/3702",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |