PT-2001-2334 · Agora · Agora

Published: 2001-12-17 · Updated: 2024-02-14 · CVE-2001-1199

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Agora versions 3.0a through 4.0g

Description: A cross-site scripting issue in agora.cgi allows remote attackers to execute JavaScript on other clients via the cart id parameter when debug mode is enabled.

Recommendations: For Agora versions 3.0a through 4.0g, consider disabling debug mode in agora.cgi to prevent exploitation until a patch is available. Additionally, restrict access to the cart id parameter to minimize the risk of malicious script execution.

Related Identifiers: CVE-2001-1199

Affected Products: Agora