Vulnerabilities

CVE-2025-55135

by Fred · 07/08/2025

In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG.

More information : https://github.com/Msfv3n0m/vulnerability-research/tree/main/CVE-2025-55135

Similar

Tags: Cybersecurity Alert