CVE-2017-6562

Name of the Vulnerable Software and Affected Versions Agora-Project version 3.2.2

Description The issue is related to a cross-site scripting (XSS) attack. It affects the index.php file, specifically when the ctrl parameter is set to 'file', the targetObjId parameter is set to 'fileFolder-2', and the targetObjIdChild parameter contains malicious input, allowing for an XSS attack.

Recommendations For Agora-Project version 3.2.2, as a temporary workaround, consider restricting access to the index.php file with the specified parameters until a patch is available. Avoid using the targetObjIdChild parameter in the affected API endpoint until the issue is resolved.