Msfv3n0m

3 exploits Active since Aug 2025
CVE-2025-55133 WRITEUP MEDIUM WRITEUP
Agora Foundation Agora fall23-Alpha1 - XSS
In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js.
CVSS 6.4
CVE-2025-55134 WRITEUP MEDIUM WRITEUP
Agora Foundation Agora fall23-Alpha1 - XSS
In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js.
CVSS 6.4
CVE-2025-55135 WRITEUP MEDIUM WRITEUP
Agora Foundation Agora fall23-Alpha1 - XSS
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG.
CVSS 6.4