Aggregates CVE and security vulnerability intelligence across all agora-project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise and vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-67079 | File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions. | [email protected] | 9.8 | 0.07% | 2026-01-15 | 2026-01-21 |
| CVE-2025-67078 | Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. | [email protected] | 6.1 | 0.03% | 2026-01-15 | 2026-03-10 |
| CVE-2025-67077 | File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action. | [email protected] | 8.8 | 0.02% | 2026-01-15 | 2026-01-21 |
| CVE-2025-67076 | Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read. | [email protected] | 7.5 | 0.15% | 2026-01-15 | 2026-01-21 |
| CVE-2017-6562 | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | [email protected] | 6.1 | 0.33% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6561 | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | [email protected] | 6.1 | 0.33% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6560 | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. | [email protected] | 6.1 | 0.33% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6559 | XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. | [email protected] | 6.1 | 0.18% | 2017-03-09 | 2026-05-13 |