Primary

Context

Agora Foundation Agora XSS Vulnerability in Editor Manager

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Agora Foundation's Agora fall23-Alpha1 version prior to b087490. The issue arises in the editorManager.js file, where user input is improperly sanitized before being rendered, allowing for the injection of malicious scripts.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by uploading a profile picture that does not meet the file type requirements, which will trigger an error. Additionally, XSS payloads can be submitted to the topic name field, where they will be rendered as HTML instead of plain text, executing the injected scripts.

Remediation

Users can update to Agora Foundation Agora version b087490 or later, where this vulnerability has been fixed.

Added: Aug 7, 2025, 4:22 PM

Updated: Aug 7, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Agora Foundation Agora XSS Vulnerability in Editor Manager

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating