Agora Project
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6562 | Med | 0.40 | 6.1 | 0.01 | Mar 9, 2017 | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | ||
| CVE-2017-6561 | Med | 0.40 | 6.1 | 0.01 | Mar 9, 2017 | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | ||
| CVE-2017-6560 | Med | 0.40 | 6.1 | 0.01 | Mar 9, 2017 | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. | ||
| CVE-2017-6559 | Med | 0.40 | 6.1 | 0.01 | Mar 9, 2017 | XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. | ||
| CVE-2025-67077 | 0.00 | — | 0.00 | Jan 15, 2026 | File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action. | |||
| CVE-2025-67078 | 0.00 | — | 0.00 | Jan 15, 2026 | Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. |
- risk 0.40cvss 6.1epss 0.01
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
- risk 0.40cvss 6.1epss 0.01
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
- risk 0.40cvss 6.1epss 0.01
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
- risk 0.40cvss 6.1epss 0.01
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
- CVE-2025-67077Jan 15, 2026risk 0.00cvss —epss 0.00
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.
- CVE-2025-67078Jan 15, 2026risk 0.00cvss —epss 0.00
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.