XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
agora-project agora-project 3.2.2