Agora Project
CVE-2025-67078
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.
AnalysisAI
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. [CVSS 6.1 MEDIUM]
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the notify component of Agora-Project. Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Agora Project
View allXSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. Ra
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. Rated medium severity (CVSS 6.1), t
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. Rated medium severity
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. Rated medium severity (CVSS 6.
Omnispace Agora Project (before 25.10) allows RCE through crafted PDF upload that exploits the ImageMagick MSL engine vi
Agora-Project versions up to 25.10 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read fil
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today