VYPR
← All advisories
Medium severity6.4OSV Advisory· Published Aug 7, 2025· Updated Apr 15, 2026

CVE-2025-55134

CVE-2025-55134

Description

In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-55134 is a stored XSS vulnerability in Agora fall23-Alpha1 that executes arbitrary JavaScript via crafted workspace tags.

A stored cross-site scripting (XSS) vulnerability exists in Agora Foundation's fall23-Alpha1 release prior to commit b087490. The root cause is the use of innerHTML to insert user-controlled workspace tag content into the DOM without sanitization, as seen in the renderTag function within client/agora/public/js/editorManager.js [1][3].

Exploitation

An attacker can include a malicious JavaScript payload in the workspace tag. When any user visits the affected workspace, the tag is rendered in the UI, causing the payload to execute in the context of the victim's browser session. No special authentication is mentioned beyond standard access to create or modify workspace tags [2].

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the web browser of a user viewing the workspace. This could lead to session hijacking, defacement, or theft of sensitive information depending on the application's context [2].

Mitigation

The vulnerability is fixed in commit b087490, which replaces innerHTML with textContent in the relevant code paths, preventing HTML injection [1][3]. Users should update to a version containing this fix or apply the patch.

References
  1. Fix/xss vulnerabilities by Msfv3n0m · Pull Request #556 · agorafoundation/agora
  2. CVEs/CVE-2025-55134 at main · Msfv3n0m/CVEs
  3. replace innerHTML with textContent · agorafoundation/agora@b087490

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Agorafoundation/AgoraOSV2 versions
    Archive-tag-pre-ejs-trim, fall23-Alpha1+ 1 more
    • (no CPE)range: Archive-tag-pre-ejs-trim, fall23-Alpha1
    • (no CPE)range: < b087490

Patches

1
b087490042cb

replace innerHTML with textContent

https://github.com/agorafoundation/agoraMsfv3n0mJul 17, 2025via osv
commit
1 file changed · +2 2
  • client/agora/public/js/editorManager.js+2 2 modified
    @@ -184,7 +184,7 @@ const createTopicEditorGui = async function ( ) {
                 let tabBtnName = document.createElement( "span" );
                 tabBtnName.id = "tabTopicName-" + getCurrentWorkspace().topics[i].topicId;
                 if( getCurrentWorkspace().topics[i].topicName ){
-                    tabBtnName.innerHTML = getCurrentWorkspace().topics[i].topicName;
+                    tabBtnName.textContent = getCurrentWorkspace().topics[i].topicName;
                 }
                 else{
                     tabBtnName.innerHTML = "Untitled";
@@ -1528,7 +1528,7 @@ const renderTag = ( tag ) => {
     const currTags = document.getElementById( "curr-tags" );
     const newTag = document.createElement( "div" );
 
-    newTag.innerHTML = tag;
+    newTag.textContent = tag;
     newTag.setAttribute( "class", "styled-tags" );
     newTag.setAttribute( "id", "tag-" + newTag.innerHTML );

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.