Skip to main content

Agora Project

8 CVEs product

Monthly

CVE-2025-67079 CRITICAL Act Now

Omnispace Agora Project (before 25.10) allows RCE through crafted PDF upload that exploits the ImageMagick MSL engine via the thumbnail function.

File Upload Agora Project
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67078 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. [CVSS 6.1 MEDIUM]

XSS Agora Project
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67077 HIGH This Week

Agora-Project versions up to 25.10 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload Agora Project
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-67076 HIGH This Week

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read. [CVSS 7.5 HIGH]

Path Traversal Agora Project
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-6562 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6561 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6560 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6559 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Omnispace Agora Project (before 25.10) allows RCE through crafted PDF upload that exploits the ImageMagick MSL engine via the thumbnail function.

File Upload Agora Project
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. [CVSS 6.1 MEDIUM]

XSS Agora Project
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Agora-Project versions up to 25.10 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload Agora Project
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read. [CVSS 7.5 HIGH]

Path Traversal Agora Project
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy