CVE-2025-67078

Published: Jan 15, 2026Modified: Mar 10, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.

Affected (1)

Products: Agora Project: Agora Project

Agora Project

1 product

Agora Project

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Agora Project Agora Project	Before 25.10

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.agora-project.net

Source: cve@mitre.org

Product

https://www.helx.io/blog/advisory-agora-project/

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.