Msfv3N0M

**Name of the Vulnerable Software and Affected Versions** Agora Foundation Agora fall23-Alpha1 versions prior to b087490 **Description** The software contains a cross-site scripting issue via the `topicName` parameter in the `client/agora/public/js/editorManager.js` file. **Recommendations** Update Agora Foundation Agora to version b087490 or later.

**Name of the Vulnerable Software and Affected Versions** Agora Foundation versions prior to b087490 **Description** The software contains a cross-site scripting (XSS) issue due to improper handling of tags in the `client/agora/public/js/editorManager.js` file. **Recommendations** Update Agora Foundation to version b087490 or later.

**Name of the Vulnerable Software and Affected Versions** Agora Foundation Agora fall23-Alpha1 versions prior to 690ce56 **Description** The application permits file formats other than PNG, JPEG, and WEBP for profile pictures, including SVG. This allows for cross-site scripting (XSS) via a crafted profile picture, impacting the `server/controller/userController.js` component. The vulnerability originates from insufficient file type validation in `server/routes/userRoutes.js`. **Recommendations** Update Agora Foundation Agora to version 690ce56 or later.

**Name of the Vulnerable Software and Affected Versions** ERC (aka Emotion Recognition in Conversation) versions through 0.3 **Description** ERC (aka Emotion Recognition in Conversation) is susceptible to insecure deserialization due to the use of `jsonpickle` when handling serialized objects. **Recommendations** Versions prior to 0.3 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.