VYPR
← All advisories
Medium severity6.4OSV Advisory· Published Aug 7, 2025· Updated Apr 15, 2026

CVE-2025-55133

CVE-2025-55133

Description

In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stored XSS vulnerability in Agora Foundation fall23-Alpha1 allows attackers to execute arbitrary JavaScript via a malicious workspace topicName.

Vulnerability

Analysis

A stored cross-site scripting (XSS) vulnerability exists in Agora Foundation fall23-Alpha1 (before commit b087490). The root cause is the use of innerHTML to set the topicName in client/agora/public/js/editorManager.js [1][3]. This allows untrusted input to be interpreted as HTML, enabling script injection.

Exploitation

An attacker with the ability to create or edit a workspace can inject a malicious payload into the topicName field [2]. The payload is then rendered when any user visits that workspace, executing arbitrary JavaScript in the victim's browser. No special privileges beyond workspace creation are required.

Impact

Successful exploitation allows a remote attacker to execute arbitrary JavaScript in the context of a vulnerable user's session. This can lead to session hijacking, data theft, or defacement of the workspace UI for all users who view the affected workspace.

Mitigation

The vulnerability is fixed in commit b087490, which replaces innerHTML with textContent when rendering the topic name and tag elements [3]. Users should update to a version that includes this commit or later. No workarounds have been provided for the vulnerable fall23-Alpha1 release.

References
  1. Fix/xss vulnerabilities by Msfv3n0m · Pull Request #556 · agorafoundation/agora
  2. CVEs/CVE-2025-55133 at main · Msfv3n0m/CVEs
  3. replace innerHTML with textContent · agorafoundation/agora@b087490

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Agorafoundation/AgoraOSV2 versions
    Archive-tag-pre-ejs-trim, fall23-Alpha1+ 1 more
    • (no CPE)range: Archive-tag-pre-ejs-trim, fall23-Alpha1
    • (no CPE)range: < commit b087490

Patches

1
b087490042cb

replace innerHTML with textContent

https://github.com/agorafoundation/agoraMsfv3n0mJul 17, 2025via osv
commit
1 file changed · +2 2
  • client/agora/public/js/editorManager.js+2 2 modified
    @@ -184,7 +184,7 @@ const createTopicEditorGui = async function ( ) {
                 let tabBtnName = document.createElement( "span" );
                 tabBtnName.id = "tabTopicName-" + getCurrentWorkspace().topics[i].topicId;
                 if( getCurrentWorkspace().topics[i].topicName ){
-                    tabBtnName.innerHTML = getCurrentWorkspace().topics[i].topicName;
+                    tabBtnName.textContent = getCurrentWorkspace().topics[i].topicName;
                 }
                 else{
                     tabBtnName.innerHTML = "Untitled";
@@ -1528,7 +1528,7 @@ const renderTag = ( tag ) => {
     const currTags = document.getElementById( "curr-tags" );
     const newTag = document.createElement( "div" );
 
-    newTag.innerHTML = tag;
+    newTag.textContent = tag;
     newTag.setAttribute( "class", "styled-tags" );
     newTag.setAttribute( "id", "tag-" + newTag.innerHTML );

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.