3 matches found
CVE-2025-55135
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...
PT-2025-32269 · Unknown · Agora Foundation
Name of the Vulnerable Software and Affected Versions: Agora Foundation Agora fall23-Alpha1 versions prior to 690ce56 Description: The application permits file formats other than PNG, JPEG, and WEBP for profile pictures, including SVG. This allows for cross-site scripting XSS via a crafted profil...
CVE-2025-55135
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...