Agora Project

agora-project

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67079 1Agora Project 1Agora Project Jan 21, 2026 Jan 15, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.
CVE-2025-67078 1Agora Project 1Agora Project Mar 10, 2026 Jan 15, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.
CVE-2025-67077 1Agora Project 1Agora Project Jan 21, 2026 Jan 15, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.
CVE-2025-67076 1Agora Project 1Agora Project Jan 21, 2026 Jan 15, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extensio...Show more Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.Show less
CVE-2017-6562 1Agora Project 1Agora Project May 13, 2026 Mar 9, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
CVE-2017-6561 1Agora Project 1Agora Project May 13, 2026 Mar 9, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
CVE-2017-6560 1Agora Project 1Agora Project May 13, 2026 Mar 9, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
CVE-2017-6559 1Agora Project 1Agora Project May 13, 2026 Mar 9, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.