← Back

Agora Project

agora-project

8 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Agora Project
agora-project
8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-67079
1Agora Project
1Agora Project
Jan 21, 2026
Jan 15, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.
CVE-2025-67078
1Agora Project
1Agora Project
Mar 10, 2026
Jan 15, 2026
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.
CVE-2025-67077
1Agora Project
1Agora Project
Jan 21, 2026
Jan 15, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.
CVE-2025-67076
1Agora Project
1Agora Project
Jan 21, 2026
Jan 15, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extensio...Show more
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.Show less
CVE-2017-6562
1Agora Project
1Agora Project
May 13, 2026
Mar 9, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
CVE-2017-6561
1Agora Project
1Agora Project
May 13, 2026
Mar 9, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
CVE-2017-6560
1Agora Project
1Agora Project
May 13, 2026
Mar 9, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
CVE-2017-6559
1Agora Project
1Agora Project
May 13, 2026
Mar 9, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.