agorafoundation/agora

agorafoundation/agora

Releases2

Frequency11 months 2 weeks

Last Release over 2 years ago

Stars97

An Open source, closed loop, user centric, cloud based learning and research platform

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-55135 ↗	Aug 7, 2025Thursday, 7 August 2025, 16:15	6.4 MEDIUM	—
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG.
CVE-2025-55133 ↗	Aug 7, 2025Thursday, 7 August 2025, 16:15	6.4 MEDIUM	—
In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js.
CVE-2025-55134 ↗	Aug 7, 2025Thursday, 7 August 2025, 16:15	6.4 MEDIUM	—
In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js.