CNNVD-202508-666 Information

CNNVD ID

CNNVD-202508-666

Related CVE

CVE-2025-55135

• CNNVD Published: 2025-08-07

Description (Chinese)

agora是Agora Foundation开源的一个基于云的学习和研究平台。 agora fall23-Alpha1 690ce56之前版本存在代码问题漏洞，该漏洞源于用户控制器允许非标准图片格式导致跨站脚本攻击。

Description (English)

agora is a cloud-based learning and research platform for the Agora Foundation. There was a code problem loophole in the pre-Agora fall 23-Alpha 1 690ce56 version, which stemmed from the user controller allowing non-standard photo formats to lead to a cross-site script attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Agora Foundation

Published

2025-08-07

Last Modified

2026-02-24

References

https://github.com/agorafoundation/agora/blob/90f7f9c217cf1d5dc9d27f5695cd65b61a4c4759/server/controller/userController.js#L332-L336 https://github.com/agorafoundation/agora/commit/690ce56f254af01375b6033e53a80f14d7cc002e https://github.com/agorafoundation/agora/pull/556

Patch

https://freeagora.org/