CVE-2002-2129

Name of the Vulnerable Software and Affected Versions: w-Agora version 4.1.5

Description: A cross-site scripting issue exists, allowing remote attackers to execute arbitrary web scripts. This occurs when an attacker submits a form field name containing malicious script to editform.php, which then echoes the script back to the user when the form is displayed.

Recommendations: For w-Agora version 4.1.5, as a temporary workaround, consider validating and sanitizing all form field names in editform.php to prevent the execution of arbitrary scripts. Restrict access to editform.php until a proper fix is applied.