Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
W-Agora 跨站脚本(XSS) 漏洞
Vulnerability Description
W-Agora (又称 Web-Agora) 4.2.0存在跨站脚本(XSS) 漏洞。 远程攻击者可以借助含 BBCode标签的帖子注入任意Web脚本或HTML。它包含一个JavaScript事件名称,后面是'=' (等于)字符前面的whitespace,可绕过用于移除onmouseover及其他事件的限制性正则表达式。
CVSS Information
N/A
Vulnerability Type
N/A