CVE-2001-1199

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.

Published: Dec 17, 2001
Updated: Nov 9, 2025
CVE: CVE-2001-1199
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
steve_kneizys / agora.cgi	4.0d	4.0d.x
steve_kneizys / agora.cgi	3.3e	3.3e.x
steve_kneizys / agora.cgi	3.3b	3.3b.x
steve_kneizys / agora.cgi	3.3c	3.3c.x
steve_kneizys / agora.cgi	3.2f	3.2f.x
steve_kneizys / agora.cgi	3.2r	3.2r.x
steve_kneizys / agora.cgi	3.2	3.2.x
steve_kneizys / agora.cgi	3.3j	3.3j.x
steve_kneizys / agora.cgi	3.2l	3.2l.x
steve_kneizys / agora.cgi	3.2k	3.2k.x
steve_kneizys / agora.cgi	3.2d	3.2d.x
steve_kneizys / agora.cgi	3.2p	3.2p.x
steve_kneizys / agora.cgi	3.2j	3.2j.x
steve_kneizys / agora.cgi	3.2ja	3.2ja.x
steve_kneizys / agora.cgi	3.2e	3.2e.x
steve_kneizys / agora.cgi	4.0b	4.0b.x
steve_kneizys / agora.cgi	3.2g	3.2g.x
steve_kneizys / agora.cgi	3.2b	3.2b.x
steve_kneizys / agora.cgi	3.3f	3.3f.x
steve_kneizys / agora.cgi	3.2m	3.2m.x
steve_kneizys / agora.cgi	3.3i	3.3i.x
steve_kneizys / agora.cgi	4.0	4.0.x
steve_kneizys / agora.cgi	3.2a	3.2a.x
steve_kneizys / agora.cgi	3.2q	3.2q.x
steve_kneizys / agora.cgi	3.3a	3.3a.x
steve_kneizys / agora.cgi	4.0a	4.0a.x
steve_kneizys / agora.cgi	3.2i	3.2i.x
steve_kneizys / agora.cgi	3.2n	3.2n.x
steve_kneizys / agora.cgi	3.2h	3.2h.x
steve_kneizys / agora.cgi	3.2c	3.2c.x
steve_kneizys / agora.cgi	3.3d	3.3d.x
steve_kneizys / agora.cgi	4.0c	4.0c.x

Vulnerability Database

308,819

CVE-2001-1199

Deep Security Visibility Without the Complexity