CVE-2017-6560

Name of the Vulnerable Software and Affected Versions Agora-Project version 3.2.2

Description The issue is related to a cross-site scripting (XSS) attack. The attack can be performed using the "index.php?ctrl=misc&action=[XSS]&editObjId=[XSS]" endpoint, where action and editObjId are vulnerable parameters. This allows an attacker to inject malicious scripts into the website.

Recommendations For Agora-Project version 3.2.2, as a temporary workaround, consider restricting access to the "index.php?ctrl=misc&action=" endpoint and validating user input for the action and editObjId parameters to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.