CVE-2010-4868
W-Agora < 4.2.1 - Cross-Site Scripting via search.php3 bn Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-4868. PoCs published by MustLive.
AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) and cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 and prior. It explains the attack vectors but does not include functional exploit code.
Description
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by MustLive · textwebappsphp
https://www.exploit-db.com/exploits/34906
The provided text describes a local file inclusion (LFI) and cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 and prior. It explains the attack vectors but does not include functional exploit code.
Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:
w-Agora 4.2.1 and prior
No auth needed
Prerequisites:
Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8426
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514420/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44370
Scores
EPSS
0.0147
EPSS Percentile
70.4%
Details
CWE
CWE-79
Status
published
Products (16)
w-agora/w-agora
4.0.0
w-agora/w-agora
4.0.1
w-agora/w-agora
4.0.2
w-agora/w-agora
4.0.2a
w-agora/w-agora
4.0.3
w-agora/w-agora
4.1.0
w-agora/w-agora
4.1.1
w-agora/w-agora
4.1.2
w-agora/w-agora
4.1.3
w-agora/w-agora
4.1.4
... and 6 more
Published
Oct 05, 2011
Tracked Since
Feb 18, 2026