Primary

Context

Omnispace Agora Project Cross-Site Scripting Vulnerability

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in the Omnispace Agora Project, affecting versions prior to 25.10. This vulnerability allows attackers to execute arbitrary code by injecting malicious scripts into the notify parameter of the file controller, which is used for error display.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the file controller's notify parameter with a script payload. The injected script will be executed in the browser of the user viewing the error notification.

Remediation

Users can update to Omnispace Agora Project version 25.10 or later to address this vulnerability.

Added: Jan 15, 2026, 4:21 PM

Updated: Jan 15, 2026, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

6.7

remediation

7.7

relevance

2.1

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

6.7

remediation

7.7

relevance

2.1

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Omnispace Agora Project Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Agora Project

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating